16 matches found
CVE-2020-37217
CVE-2020-37217 affects Easy2Pilot 7 and describes a Cross-Site Request Forgery vulnerability targeting admin.php?action=add_user. An attacker can trick an authenticated administrator into submitting a crafted POST to create new administrative accounts without consent. The described impact include...
DDSN Interactive Acora CMS Security Vulnerability
DDSN Interactive Acora CMS is an enterprise network and mobile CMS provided by DDSN Interactive. Version 10.7.1 of DDSN Interactive Acora CMS contains a security vulnerability. This vulnerability stems from multiple stored XSS vulnerabilities present in the submitadduser.asp endpoint. It could...
CVE-2026-29598
CVE-2026-29598 affects DDSN Interactive Acora CMS v10.7.1, with multiple stored XSS vulnerabilities in the submit_add_user.asp endpoint. The First Name and Last Name fields are injectable, allowing an attacker to have scripts/HTML executed in the context of the victim’s browser. The CVE entry spe...
jshERP Security Vulnerability
jshERP (Huaxia ERP) is a homegrown ERP system from the Chinese individual developer Ji Sheng Hua. A security vulnerability exists in jshERP version 2.3.1, which originates from the user/addUser endpoint being susceptible to a Fastjson deserialization attack...
CVE-2025-63953
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-63953
CVE-2025-63953 describes a Cross-Site Request Forgery (CSRF) in Magewell Pro Convert v1.2.213 affecting the /usapi?method=add-user endpoint. The vulnerability allows an attacker to create user accounts via a crafted GET request. Documents consistently identify the affected software/version and th...
CVE-2024-13069
A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. Th...
SourceCodester Multi Role Login System Security Vulnerability
SourceCodester Multi Role Login System is a SourceCodester open source multi-role login system. A security vulnerability exists in SourceCodester Multi Role Login System version 1.0, which originates from the parameter name in the file /endpoint/add-user.php that can lead to cross-site scripting...
CVE-2024-24050
Cross-Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php...
PT-2024-20255 · Sourcecodester · Sourcecodester Workout Journal App
Name of the Vulnerable Software and Affected Versions: Sourcecodester Workout Journal App version 1.0 Description: The issue allows attackers to run arbitrary code via parameters firstname and lastname in the "/add-user.php" API endpoint. This enables attackers to execute arbitrary code,...
CVE-2023-6463
A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument firstname leads to cross site scripting. The attac...
PT-2023-32676 · Unknown · Sourcecodester User Registration/Login System
Name of the Vulnerable Software and Affected Versions: SourceCodester User Registration and Login System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. It affects an unknown functionality of the file "/endpoint/add-user.php". The manipulation of...
SourceCodester User Registration and Login System Cross-Site Scripting Vulnerability
User Registration and Login System is a user registration and login system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in the SourceCodester User Registration and Login System, which originates from cross-site scripting in the firstname parameter of...
CVE-2020-20595
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add...
XYHCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13984)
XYHCMS is an open source content management system (CMS). A cross-site request forgery vulnerability exists at the xyhai.php?s=/Auth/addUser URL in XYHCMS version 3.5. A remote attacker can exploit this vulnerability to add a backend administrator account...
PT-2018-2075 · D Link · D-Link Central Wifi Manager
Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1 Description: An issue exists due to inadequate protection of the web page structure, allowing a remote attacker to inject arbitrary code into a loaded web page. The username...