Lucene search
K

55 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.11 views

CVE-2021-27559

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field...

5.4CVSS5.6AI score0.00592EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2025-13048

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13048

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00237EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/23 12:26 a.m.8 views

CVE-2026-23873

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

9CVSS6AI score0.00511EPSS
Exploits1References1
NVD
NVD
added 2026/01/22 12:15 a.m.10 views

CVE-2026-23873

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

9CVSS0.00511EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 11:26 p.m.3 views

CVE-2026-23873

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

5.2CVSS5.8AI score0.00511EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 11:26 p.m.4 views

CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

5.2CVSS6AI score0.00511EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/21 11:26 p.m.8 views

EUVD-2026-4200

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

5.2CVSS6AI score0.00511EPSS
Exploits1References1
OSV
OSV
added 2026/01/21 11:26 p.m.6 views

CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...

5.2CVSS6AI score0.00511EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.9 views

PT-2026-3882

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklist export.php. The application fails to sanitize...

5.2CVSS6AI score0.00511EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-5242

Malware in sbrugna...

7.5CVSS6.4AI score0.03506EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-21517

Malware in sbrugna...

5.4CVSS5.5AI score0.00644EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8859

Malware in sbrugna...

6.1CVSS6.3AI score0.00799EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14310

Malware in sbrugna...

5.4CVSS5.5AI score0.00592EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-11521

Malware in sbrugna...

5.4CVSS5.5AI score0.00603EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-21514

Malware in sbrugna...

5.3CVSS5.5AI score0.01188EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23202

Malware in sbrugna...

5.4CVSS5.5AI score0.0059EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-44097

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.8 views

CVE-2023-3433

The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of...

5.5CVSS6.7AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.6 views

CVE-2021-36605

engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...

5.4CVSS6.5AI score0.0059EPSS
Exploits1References1
Rows per page
Query Builder