23 matches found
CVE-2025-69241
Raytha CMS is vulnerable to Stored XSS via the FirstName and LastName parameters in the profile editing functionality. An authenticated attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when the edited page is visited. This issue was fixed in version 1.4.6...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2023-43456
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...
QDOCS Smart School Cross-Site Scripting Vulnerability
QDOCS Smart School is a smart school management system from QDOCS, Inc. A cross-site scripting vulnerability exists in QDOCS Smart School version 7.0, which stems from insufficient input validation of the parameters firstname, lastname, and guardianname in the file/onlineadmission, and could lead...
EUVD-2020-9410
Malware in sbrugna...
CVE-2025-10620 itsourcecode Online Clinic Management System editp2.php sql injection
A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastname/type/age/address can lead to sql injection. The attack can be executed remotely. The exploit has...
CVE-2025-9773
A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2023-27241
SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module...
U.S. Dept Of Defense: POST XSS - fields[account][lastname] parameter
A cross-site scripting (XSS) vulnerability was discovered in the fields[account][lastname] parameter of the POST request. The vulnerability allowed an attacker to inject malicious scripts that could be executed. This could potentially lead to consequences such as cookie theft and session hijacking...
Beauty Parlour Management System Cross-Site Scripting Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...
PHPGurukul Beauty Parlour Management System Security Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
SUSE CVE-2001-0775
Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field...
CVE-2021-46824
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in studentprofile.php...
School File Management System Cross-Site Scripting Vulnerability
School File Management System is a school file management system that stores student files individually and retrieves them later. A cross-site scripting vulnerability exists in School File Management System version 1.0, which can be exploited to cause cross-site scripting attacks via the Lastname...
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the username, lastname, or surname fields in user profiles. A user can insert a malicious payload in their own calendar, which may be reflected and executed when accessed by other users' calendars. This is a...
CVE-2020-17458
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field...
Cross site scripting
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field...