158 matches found
The vulnerability of the online enrollment management system for students and learners lies in errors when processing the “Name” parameter on the “Add-Users” page. This allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Online Enrollment Management System for students and learners is related to errors in processing the “Name” parameter on the “Add-Users” page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-40577
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter...
Cross site scripting
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter...
CVE-2021-40577
CVE-2021-40577 is a stored XSS vulnerability in the Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, affecting the Add-Users page via the Name parameter. The issue arises from storing unsanitized input that is later reflected, enabling a persistent script...
CVE-2021-22449
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device...
Cross site request forgery (csrf)
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users...
LiteCart Cross-Site Request Forgery Vulnerability
LiteCart is a lightweight e-commerce platform for online merchants developed using PHP, HTML 5 and CSS 3. A cross-site request forgery vulnerability exists in LiteCart 2.2.1 and earlier versions in admin/?app=users&doc=edituser. An attacker can exploit this vulnerability to add users...
CVE-2015-5483
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...
The vulnerability in the PRTG Network Monitor network monitoring software, related to insecure privilege management, allows an intruder to create users with privileges for “read and write” operations.
The vulnerability of the network monitoring software PRTG Network Monitor relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to create users with “read-write” privileges, including administrators. This can be achieved by replacing the...
Catfish CMS Cross-Site Request Forgery Vulnerability
Catfish CMS is an open source content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in the admin/Index/addmanageuser.html page in Catfish CMS version 4.8.30, which can be exploited by remote attackers to add users...
CVE-2018-15202
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products...
OneThink Cross-Site Request Forgery Vulnerability (CNVD-2018-14976)
OneThink is a ThinkPHP-based content management framework for web development. A cross-site request forgery vulnerability exists in the admin.php?s=/User/add.html page in OneThink version 1.1. A remote attacker can exploit this vulnerability to add users...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-14218)
LFCMS is a video-on-demand system based on ThinkPHP and MySQL. A cross-site request forgery vulnerability exists in LFCMS version 3.7.0. A remote attacker can exploit this vulnerability to arbitrarily add users...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...
McAfee Network Data Loss Prevention Session Hijacking Vulnerability (CNVD-2017-07550)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from a session-side hijacking vulnerability in the server implementation, which can be exploited by remote attackers to view, add, and delete users by modifying HTTP request...
D-Link DCS Cross-Site Forgery Request Vulnerability
D-Link DCS-933L and others are wireless surveillance camera devices from AUO D-Link. A security vulnerability exists in several D-Link DCS cameras. An attacker can exploit the vulnerability with the help of a specially crafted Flash file to retrieve information from Live Feeds or Camera, add new...
Apache Jetspeed User Manager Unauthorized Operation Vulnerability
Apache Jetspeed is an open portal platform and enterprise information portal developed in Java and XML by the Apache Software Foundation (United States). The User Manager service is one of its user management services. An unauthorized operation vulnerability exists in the User...