CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVE-2026-29513

CVE-2026-29513 describes a stored XSS in Hereta ETH-IMC408M firmware ≤1.0.15. An authenticated attacker can inject JavaScript through the Device Location field via the System Status interface, with scripts executing in browsers of users viewing the status page. The CVSS 4.0 metrics indicate Netwo...

Hereta ETH-IMC408M 跨站脚本漏洞

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the Device Location field, which could lead ...

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

CVE-2020-10372

Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI...

CVE-2025-66824

A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...

TrueConf Server 安全漏洞

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. A security vulnerability exists in TrueConf Server version 5.5.2.10813, which stems from improper cleanup of user input in the Meeting Location field and could lead to a stored cross-site...

CVE-2025-65622

Summary of CVE-2025-65622 (Snipe-IT): Snipe-IT versions prior to 8.3.4 are affected by a stored XSS flaw in the Locations “Country” field. An authenticated, low-privilege user can inject JavaScript that executes in another user’s session. Connected advisories corroborate the issue and identify th...

EUVD-2017-7363

Malware in sbrugna...

EUVD-2020-2827

Malware in sbrugna...

CVE-2023-24081

Multiple stored cross-site scripting XSS vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...

CVE-2017-15947

Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp...

CVE-2023-27890

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...