
12 matches found

Nuclei
added 18 hours ago · 10 views

RosarioSIS 6.7.2 - Cross-Site Scripting

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting (XSS) vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...

6.1 CVSS · 6.4 AI score · 0.10197 EPSS
Exploits 2

NVD
added 2026/05/07 4:16 a.m. · 8 views

CVE-2026-41663

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5 CVSS · 0.00005 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/05/07 3:0 a.m. · 3 views

CVE-2026-41663

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5 CVSS · 5.7 AI score · 0.00005 EPSS
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2026/05/07 3:0 a.m. · 4 views

EUVD-2026-28278

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5 CVSS · 5.7 AI score · 0.00005 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/04/29 12:0 a.m. · 4 views

PT-2026-37147

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9 Description: Several administrative operations within the preferences module are executed via GET requests without CSRF token validation. This allows an attacker to force an authenticated administrator to trigger...

3.5 CVSS · 5.8 AI score · 0.00005 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-12269

Malicious code in bioql PyPI...

7.3 CVSS · 6.6 AI score · 0.00124 EPSS
Exploits 0 · References 4

Cvelist
added 2025/08/16 6:39 a.m. · 5 views

CVE-2025-8896 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and...

6.4 CVSS · 0.00058 EPSS
Exploits 0 · References 2

CVE
added 2025/08/16 6:39 a.m. · 14 views

CVE-2025-8896

CVE-2025-8896 affects the WordPress plugin User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (versions up to 3.14.3). Root cause: stored XSS via the gdpr_communication_preferences[] parameter due to insufficient input sanitization and output escaping. Impa...

6.4 CVSS · 5.9 AI score · 0.00058 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/04/26 6:12 a.m. · 3 views

CVE-2025-29621

Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings...

7.3 CVSS · 7.2 AI score · 0.00124 EPSS
Exploits 0 · References 1

NVD
added 2025/04/22 7:15 p.m. · 10 views

CVE-2025-29621

Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings...

7.3 CVSS · 0.00124 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/22 12:0 a.m. · 1 views

PT-2025-17591 · Unknown · Rosariosis

Name of the Vulnerable Software and Affected Versions: Francois Jacquet RosarioSIS version 12.0.0 Description: The issue is related to a content spoofing vulnerability found in the Theme configuration under the My Preferences module. This allows attackers to manipulate application settings...

7.3 CVSS · 6.2 AI score · 0.00124 EPSS
Exploits 0 · References 7

Cvelist
added 2025/04/22 12:0 a.m. · 8 views

CVE-2025-29621

Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings...

0.00124 EPSS
Exploits 0 · References 2