CVE-2023-7323

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2023-7323

CVE-2023-7323 affects Nagios Log Server prior to 2024R1, with an XSS vulnerability caused by insufficient validation/escaping of user input in the Create User function. The impact is potential arbitrary script execution in a victim’s browser. Publicly disclosed details across Red Hat, EUVD, and v...

CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R1, which stems from insufficient validation and escaping of user input in the Create User function, which cou...

EUVD-2019-17089

Malware in sbrugna...

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

Cross-Site Scripting (XSS)

unopim/unopim is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...

CVE-2024-45875

The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...

baltic-it TOPqw Webportal 安全漏洞

baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

UnoPim 安全漏洞

UnoPim is an open source Product Information Management PIM system based on the Laravel framework by UnoPim Open Source. A security vulnerability exists in UnoPim 0.1.3 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the Create User function that allows an...

PT-2024-34372 · Unopim · Unopim

Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.1.3 and below Description: The issue is related to Cross Site Scripting XSS in the Create User function, allowing attackers to perform XSS via an SVG document. This can be used to steal cookies. The vulnerability is exploite...

PT-2024-25196 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the First Name parameter in the Create User function. This allows for potential malicious script injection...

PT-2024-25197 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the Last Name parameter in the Create User function. This allows for potential malicious script injection...

PT-2022-18025 · Sourcecodester · Sourcecodester Garage Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Garage Management System affected versions not specified Description: A critical issue has been found in the SourceCodester Garage Management System, allowing for SQL injection through the manipulation of the userName/uemail...

CVE-2021-44114

Cross Site Scripting XSS vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function...

CVE-2021-44114

Cross Site Scripting XSS vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function...

CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued...