17 matches found
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server is affected by a cross-site scripting (XSS) vulnerability in versions prior to 2.1.6, exposed via the web interface on Create User, Edit User, and Manage Host Lists pages. The root cause is insufficient validation/escaping of user-supplied input, allowing an attacker to inject a...
CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
EUVD-2023-28128
Malicious code in bioql PyPI...
EUVD-2023-40138
Malicious code in bioql PyPI...
EUVD-2024-16219
Malicious code in bioql PyPI...
CVE-2025-3244
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to...
CVE-2024-0424
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CodeAstro Simple Banking System Cross-Site Scripting Vulnerability
Simple Banking System is a simple online banking project. A cross-site scripting vulnerability exists in CodeAstro Simple Banking System version 1.0, originating from an unknown function in createuser.php in the component Create a User Page...
CVE-2023-36159
Cross-site scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
CVE-2023-36159
Cross-site scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
CVE-2023-36159
Cross-site scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
Lost and Found Information System Cross-Site Scripting Vulnerability
Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which can be exploited to run arbitrary code via the First Name and Last Name fields on the Crea...
PT-2023-25458 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: sourcecodester Lost and Found Information System version 1.0. Description: The issue allows remote attackers to run arbitrary code via the First Name, Middle Name, and Last Name fields on the "Create User" page. This is a Cross Site Scripting...
CVE-2023-24065
The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...