24 matches found
PT-2026-22615
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields...
PT-2026-1723
Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0 Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client...
CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-50363
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting XSS in /maid-hiring.php va the name field...
CVE-2025-50363
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting XSS in /maid-hiring.php va the name field...
EUVD-2019-17085
Malware in sbrugna...
PT-2025-40044
Cross-site scripting XSS vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...
CVE-2025-8440 Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-33795
A stored cross-site scripting XSS vulnerability in the Create Contact Roles /tenancy/contact-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2019-17496
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion...
PT-2024-29019 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-feeds/id/edit/" API endpoint. Recommendations:...
Sesami Cash Point & Transport Optimizer Security Vulnerability
Sesami Cash Point & Transport Optimizer is a solution from Sesami Corporation. A security vulnerability exists in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 that stems from the presence of a CSV injection vulnerability. The vulnerability allows remote attackers to obtain sensiti...
openCRX Security Vulnerabilities
openCRX is an open source Crm software. A security vulnerability exists in openCRX version 5.2.0, which stems from a cross-site scripting XSS vulnerability in the Name field...
SESAMI planfocus CPTO Cross-Site Scripting Vulnerability
SESAMI is an open framework for modern cash optimization. A cross-site scripting vulnerability exists in SESAMI planfocus CPTO version 6.3.8.6, which originates when inserting JavaScript into the Name field on the client side...
CVE-2023-33798
A stored cross-site scripting XSS vulnerability in the Create Rack /dcim/rack/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2022-44959
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
webTareas 跨站脚本漏洞
webTareas is a web-based open source collaboration tool. The product supports project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas version 2.2p1, which originated from a cross-site scripting vulnerability found in the Name field...
CVE-2022-30494
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs...
Html Injection lead to cross site scripting
Description Hi i Found a way to inject html in user's email. So in this case if a attacker set name of victim as html form it will be rendered by your system and then the render html will be sent to the victim Proof of Concept 1. Goto https://paraio.com/signup/ and in name field add this payload...
Stored XSS in "campaigns"
Description The listmonk application is vulnerable to stored XSS in the "Name" input filed for "campaigns" for which when a user tried to delete the "campaigns" XSS gets triggered. Proof of Concept 1.Go to "Campaigns" - "All campaigns" - "New" 2.Put this payload: in the "Name" input field and fil...