76 matches found
EUVD-2026-40090
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
Revive Adserver: Stored XSS via Full Name field in userlog email entries
Vulnerability description not provided...
Cross-site Scripting (XSS)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fullName field in the revision/draft context menu, which is rendered as raw HTML due to improper handling with Template::raw and string interpolation. An...
GHSA-3X4W-MXPF-FHQQ Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...
EUVD-2014-4629
Malware in sbrugna...
EUVD-2018-13191
Malware in sbrugna...
EUVD-2008-0592
Malware in sbrugna...
EUVD-2018-5930
Malware in sbrugna...
EUVD-2018-7062
Malware in sbrugna...
EUVD-2021-16974
Malware in sbrugna...
EUVD-2024-44592
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE CVE-2021-22232 Note that Nessus relies on the...
CVE-2024-46300
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting XSS via the Full Name field in registration.php...
CVE-2021-24930
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...
CVE-2024-50656
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting XSS via the Full Name field in registration.php...
CVE-2024-50656
CVE-2024-50656 affects itsourcecode Placement Management System 1.0. An XSS vulnerability exists in the Full Name field of registration.php. CVSS v3.1 base score is 6.1 (Medium). Exploitation details are not described in the provided documents; remediation/fixes are not specified in the supplied ...
CVE-2024-55056
A stored cross-site scripting XSS vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field...
CVE-2024-55056
A stored cross-site scripting XSS vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field...
CVE-2024-55056
Phpgurukul Online Birth Certificate System 1.0 contains a stored XSS in /user/certificate-form.php via the full name field. The CVE-2024-55056 entry has CVSS v3.1 base score 5.4 (Medium) with AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. No explicit exploit details or mitigation/vulnerable version informa...
CVE-2024-46300
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting XSS via the Full Name field in registration.php...