13 matches found
CVE-2026-32300
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...
CVE-2026-32300 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
Security Advisory: My Page Profile Update Improper Authorization. Summary: An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions: 1.x series: <= 1.41.0; 2.x series: <= 2.41.0. Patched Versions: 1.41.1, 2.41.1...
EUVD-2026-14576
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information...
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page...
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page...
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page...
PT-2024-25920 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel versions prior to 3.5.3 Description: The issue allows for XSS via the user photo parameter to My Page. This can potentially lead to malicious script execution. Recommendations: For versions prior to 3.5.3, update to version 3.5.3 ...
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page...
CVE-2024-34468
CVE-2024-34468 affects Rukovoditel prior to 3.5.3. The issue is an input handling failure in the user_photo parameter that enables a cross-site scripting (XSS) payload in the My Page view. Reported impact is XSS; the primary remediation is to upgrade to version 3.5.3 or later. No explicit exploit...
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page...
Alumne LMS Cross-Site Scripting Vulnerability
Alumne LMS is an e-learning platform from Alumne LMS, Inc. A cross-site scripting vulnerability exists in Alumne LMS version 4.0.0.1.08, which stems from a lack of proper sanitization of the localidad field on the /users/editmy page, and can be exploited by an attacker to inject a custom JavaScript lo...
My Page Order <= 4.3 - Authenticated Cross-Site Scripting (XSS)
The my-page-order WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...