55 matches found
CVE-2021-27559
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field...
CVE-2025-13048
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13048
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-23873
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
CVE-2026-23873
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
CVE-2026-23873
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
EUVD-2026-4200
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
PT-2026-3882
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection Formula Injection through the contest rank export functionality contestrank.xls.php and admin/ranklist export.php. The application fails to sanitize...
EUVD-2007-5242
Malware in sbrugna...
EUVD-2018-21517
Malware in sbrugna...
EUVD-2018-8859
Malware in sbrugna...
EUVD-2021-14310
Malware in sbrugna...
EUVD-2020-11521
Malware in sbrugna...
EUVD-2018-21514
Malware in sbrugna...
EUVD-2021-23202
Malware in sbrugna...
EUVD-2023-44097
Malicious code in bioql PyPI...
CVE-2023-3433
The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of...
CVE-2021-36605
engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...