#php

HighPlus CMS version 0.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hesk Rtl CMS version 1 suffers from a cross site scripting vulnerability.

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

haraj version 1.1 suffers from an add administrator vulnerability.

HaasCMS version 1.0 suffers from a cross site scripting vulnerability.

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.