12 matches found

EUVD
added 2026/05/07 2:59 a.m. · 4 views

EUVD-2026-28270

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

2.7 CVSS · 5.8 AI score · 0.00009 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/12/02 12:31 a.m. · 2 views

EUVD-2025-200077

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.3 AI score · 0.00026 EPSS
Exploits: 1 · References: 3
Github Security Blog
added 2025/12/02 12:31 a.m. · 3 views

Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
OSV
added 2025/12/02 12:31 a.m. · 2 views

GHSA-4G25-WJ72-CHXG Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.3 CVSS · 5.8 AI score · 0.00026 EPSS
Exploits: 1 · References: 6
RedhatCVE
added 2025/12/02 12:19 a.m. · 1 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits: 1 · References: 1
OSV
added 2025/12/01 10:15 p.m. · 2 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4 CVSS · 5.8 AI score · 0.00026 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/12/01 12:0 a.m. · 2 views

Snipe-IT security vulnerability

Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack in the Locations Country field...

5.4 CVSS · 5.7 AI score · 0.00026 EPSS
Exploits: 1 · References: 3
Cvelist
added 2025/12/01 12:0 a.m. · 5 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

0.00026 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/12/01 12:0 a.m. · 2 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.5 AI score · 0.00026 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/07/23 12:0 a.m. · 3 views

BloodBank SQL injection vulnerability

phpscriptpoint BloodBank is a responsive blood bank and donor content management system (CMS) from phpscriptpoint. A SQL injection vulnerability exists in BloodBank version 1.1, which stems from an SQL injection vulnerability in the reference country/city/bloodgroupid...

9.8 CVSS · 7.2 AI score · 0.00056 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/07/08 12:0 a.m. · 3 views

PT-2023-25230 · Unknown · Gz Scripts Ticket Booking Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts Ticket Booking Script version 1.8 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /load.php. The manipulation of the arguments first name, second name, phone, addres...

6.1 CVSS · 4.2 AI score · 0.00087 EPSS
Exploits: 0 · References: 5
Hacker One
added 2020/08/18 8:54 p.m. · 83 views

HackerOne: Recently added 'Country' field doesn't send email notification when changed

Summary: Hi team, This is a small bug report. Actually I think there is no important security issue but I wanted to report it ¯\ツ/¯ If you change your 'Country' information on account settings, HackerOne doesn't send Your profile was recently changed email. Description: There is an email...

0.2 AI score
Exploits: 0