26 matches found
EUVD-2026-28270
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of RSE metadata in the WebUI. An attacker can execute arbitrary JavaScript in the users' context by injecting malicious scripts into the City, CountryName, or ISP fields, which are then stored...
CVE-2025-14205
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membershipprofile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site...
CVE-2023-1179
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument companyname/province/city/phonenumber leads to cross site...
Insurance Management System Security Vulnerability
Insurance Management System is an insurance management system from the individual developer Angel Jude Reyes Suarez. A security vulnerability exists in Insurance Management System v.1.0.0 and prior versions that stems from a cross-site scripting (XSS) vulnerability in the City field...
BloodBank SQL Injection Vulnerability
phpscriptpoint BloodBank is a responsive blood bank and donor content management system (CMS) from phpscriptpoint. A SQL injection vulnerability exists in BloodBank version 1.1, which stems from an SQL injection vulnerability in the reference country/city/bloodgroupid...
PT-2023-25560
Name of the Vulnerable Software and Affected Versions: Hostel Management System version 2.1 Description: The issue allows an attacker to execute arbitrary code through a crafted payload to parameters such as Guardian name, Guardian relation, complimentary address, city, permanent address, and city ...
PT-2023-10560 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...
Magento XML Injection vulnerability in the 'City' field
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution...
GHSA-XVPX-6HH8-7H72 Magento XML Injection vulnerability in the 'City' field
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution...
CVE-2022-1051
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...
WordPress plugin WPQA Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress WPQAs plugin prior to 5.2, which...
Exploit for Cross-site Scripting in 2Code Wpqa_Builder
CVE-2022-1051 WPQA 5.2 - Subscriber+ Stored Cross-Site Sc...
CVE-2021-36020
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution...
Design/Logic Flaw
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution...
CVE-2021-36020
Magento Commerce versions 2.4.2 and earlier (including 2.4.2-p1 and 2.3.7 and earlier) are affected by an XML Injection vulnerability in the City field that allows unauthenticated remote code execution. The issue is triggered by a specially crafted input and can compromise the server. Public refe...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description: Stored XSS in membership profile. 🕵️‍♂️ Proof of Concept: Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the city field. 4. Update the profile and you will see an alert. 💥 Impact: This vulnerability is capable of Stored XSS...
PHP Scripts Mall Basic B2B Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Basic B2B Script is a B2B website system script from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Basic B2B Script version 2.0.0, which can be exploited by remote attackers to inject scripts via the First name, Last name, City, State, or...
Yelp: Self-XSS via location cookie city field when getting suggestions for a new location
Hi, Only self-XSS, but thought I would report it anyway! I noticed the cookie "location" had some JSON in it, so I changed the city field to debugger, made sure it was encoded the same, then went to add a new location/change an existing location at https://www.yelp.com/profilelocation. Making sur...
CMS Ortus <= 1.13 Remote SQL Injection Vulnerability
No description provided by source. Author: otmorozok428, http://forum.antichat.ru Products: CMS Ortus 1.12, CMS Ortus 1.13 Vendor: http://ortus.nirn.ru Download: http://ortus.nirn.ru/files/ortus1-12.zip, http://ortus.nirn.ru/files/ortus1-13.zip Dork for ALL Versions of CMS Ortus:...