EUVD-2003-0326

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-2642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.x has user fullname disclosure on the user preferences page. CVE-2017-2642 Note that Nessus relies on the presence of the package as reported by the...

CVE-2025-27139 Combodo iTop vulnerable to stored self Cross-site Scripting in preferences

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue...

CVE-2025-27139 Combodo iTop vulnerable to stored self Cross-site Scripting in preferences

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue...

CVE-2023-34446 iTop XSS vulnerability on pages/preferences.php

iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying pages/preferences.php, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0...

PT-2023-24881 · Itop · Itop

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.0.4 and 3.1.0 Description: The issue concerns cross site scripting when displaying the pages/preferences.php page in iTop, an open source, web-based IT service management platform. Recommendations: For versions prior ...

ITOP Cross-Site Scripting Vulnerability

ITOP is a platform that provides all the resources needed to optimize iTop. A cross-site scripting vulnerability exists in ITOP version 3.0.3, which stems from a possible cross-site script injection on pages/preferences.php...

SUSE CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page...

SUSE CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

GHSA-9X9J-VRHJ-V364 Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/preferences.php URI...

CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page...

CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page...

UBUNTU-CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page...

CVE-2017-2642

CVE-2017-2642 affects Moodle 3.x, causing a user fullname disclosure on the user preferences page. The incident is supported by multiple feeds in connected data, including CVE reporting and OpenVAS/Nessus entries that reference Moodle moodle 3.x and the associated Fedora updates. CVSS metrics ind...

Directory traversal

Directory traversal vulnerability in core/langapi.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page accountprefsupdate.php...