_tdv

Results 4 issues of _tdv

# Bug description A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. ## Steps to reproduce 1. Login as admin. 2. Click on 'Add...

Bug
needs-triage

SQL Injection vulnerability in ChurchCRM 4.4.5 via /churchcrm/WhyCameEditor.php. Steps to exploit: 1. Login as admin. 2. Redirect to profile page and click on `Edit "Why Came" Notes`. ![1](https://user-images.githubusercontent.com/35623498/168865685-a517909c-ba50-4f17-9b9f-cce5a357a2c3.PNG) 3. Submit...

bug
Security

Add Doctor info payload to Doctor Special of Add Doctor page to target /admin-panel1.php, then use Burp Suite to get the request data, and change the 'special' parameter to the XSS payload: alert(123) Step to...

A Cross Site Scripting vulnerability exists in BlogEngine via the Description field in /blogengine/api/posts. Steps to exploit: 1. Login as admin. 2. Navigate to http://127.0.0.1/blogengine/admin/#/content/posts and click on "NEW". 3....