26 matches found
EUVD-2015-6474
Malware in sbrugna...
EUVD-2024-51958
Malicious code in bioql PyPI...
CVE-2025-58174
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script for example a script element. An...
CVE-2025-58174 LAM profile editor stored cross-site scripting vulnerability
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script for example a script element. An...
LDAP Account Manager 跨站脚本漏洞
LDAP Account Manager LAM is a web front-end to the LDAP Account Manager open source for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. A cross-site scripting vulnerability exists in LDAP Account Manager LAM versions prior to 9.3, which stems from a profile name...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...
Hyundai Navigation App 安全漏洞
Hyundai Navigation App is a mobile application for navigation and Telematics services from Hyundai Motor Hyundai, South Korea. A security vulnerability exists in Hyundai Navigation App that stems from improper handling of the profile name field, which could lead to HTML injection...
PT-2025-34936 · Hyundai · Hyundai Navigation App
Name of the Vulnerable Software and Affected Versions: Hyundai Navigation App version STD5W.EUR.HMC.230516.afa908d Description: An attacker can inject HTML payloads into the profile name field within the navigation application, leading to the rendering of the injected content. Recommendations:...
CVE-2025-55618
CVE-2025-55618 describes an HTML injection in Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d where an attacker can inject payloads into the profile name field that are rendered by the app. The NVD entry lists CVSSv3.1: 7.3 (High) with network attack vector, no privileges required, and no use...
CVE-2021-20128
The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...
CVE-2024-48170
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting XSS via a crafted payload injected into the name in the profile.php...
CVE-2024-57175
A Stored Cross-Site Scripting XSS vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php...
PT-2025-3407 · Unknown · Phpgurukul Online Birth Certificate System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Online Birth Certificate System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was identified in the PHPGURUKUL Online Birth Certificate System. The issue arises via the profile name to the...
Exploit for Cross-site Scripting in Phpgurukul Online_Birth_Certificate_System
CVE-2024-57175: Stored Cross-Site Scripting XSS in PHPGURUKUL...
CVE-2024-26489
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field...
CVE-2021-20128
The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...
Draytek VigorConnect 跨站脚本漏洞
A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...
PHP Scripts Mall advanced-real-estate-script cross-site scripting vulnerability
PHP Scripts Mall advanced-real-estate-script is a PHP and MySQL based real estate website system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall advanced-real-estate-script, which can be exploited by remote attackers to inject HTML code via the Na...