CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

CVE-2026-34560

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

PT-2026-29625

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0 Description: CI4MS is a CodeIgniter 4-based CMS skeleton. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface, leading to a stored DOM Blind XSS scenario...

CVE-2026-3106 Multiple vulnerabilities in Teampass

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

EUVD-2021-17053

Malware in sbrugna...

EUVD-2019-9343

Malware in sbrugna...

EUVD-2022-3402

Malicious code in bioql PyPI...

CVE-2025-50367

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...

CVE-2025-50367

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...

CVE-2025-50367

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...

CVE-2025-50367

CVE-2025-50367 corresponds to a stored blind XSS vulnerability in the Contact Page of Phpgurukul Medical Card Generation System 1.0 (mcgs/contact.php). The root cause is improper sanitization/cleanup of the name field, enabling JavaScript injection. Public sources (NVD, Red Hat, CNVD, CNVD, PT-Se...

PT-2025-27236 · Unknown · Phpgurukul Medical Card Generation System

Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: A stored blind XSS issue exists in the Contact Page, specifically affecting the "name" field in the mcgs/contact.php file. This field fails to properly sanitize user input,...

CVE-2025-50367

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...

CVE-2025-48992

Group-Office is affected by a stored and blind XSS in the Name field of user profiles for versions prior to 6.8.123 and prior to 25.0.27. The vulnerability allows an attacker to set their name to a JavaScript payload, which executes when the compromised user adds that attacker to Synchronization ...

CVE-2019-19742

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field...

CVE-2019-13633

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for...

Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

GHSA-X525-54HF-XR53 Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...