8 matches found

CVE
added 2026/04/18 12:2 a.m. · 8 views

CVE-2026-40593

CVE-2026-40593 affects ChurchCRM prior to 7.2.0. The issue arises in UserEditor.php, which renders stored usernames into an HTML input value without applying htmlspecialchars(), allowing an administrator to save a username with HTML attribute-breaking characters and event handlers. When anoth...

CVSS 4.8 · AI score 5.8 · EPSS 0.002
Exploits: 0 · References: 1
Cvelist
added 2026/04/18 12:2 a.m. · 27 views

CVE-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...

CVSS 4.8 · EPSS 0.002
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-15016

Malware in sbrugna...

CVSS 4.8 · AI score 5 · EPSS 0.00622
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/22 4:57 p.m. · 5 views

CVE-2020-22251

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...

CVSS 4.8 · AI score 5.9 · EPSS 0.00622
Exploits: 1
OSV
added 2021/07/06 8:15 p.m. · 15 views

CVE-2020-22251

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 1
Prion
added 2021/07/06 8:15 p.m. · 9 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...

CVSS 3.5 · AI score 4.9 · EPSS 0.00622
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2020/05/18 12:0 a.m. · 2 views

PT-2020-6385 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: The issue is related to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting attacks. This can be achieved by creating a new username in the login name...

CVSS 4.9 · AI score 4.9 · EPSS 0.00622
Exploits: 1 · References: 7
ATTACKERKB
added 2018/04/02 12:29 p.m. · 2 views

CVE-2018-9163

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 Build 5350 allows remote authenticated users with Add New Technician permissions to inject arbitrary web script or HTML via the loginName field to technicianAction.do...

CVSS 5.4 · AI score 5.7 · EPSS 0.04994
Exploits: 5 · References: 6