15 matches found

OSV
added 2026/01/02 10:51 p.m., 4 views

GHSA-MQHG-V22X-PQJ8 Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users

Summary SSTI is possible via first name and last name parameters provided by lowest-privileged users. Details 1. Go to http://127.0.0.1:8000/ and login or signup 2. Go to http://127.0.0.1:8000/customer/account/profile 3. Now edit the first name and last name to 77 4. Notice it appears as 49 POC -...

CVSS 8.8, AI score 7.1, EPSS 0.00455
Exploits 1, References 5

OSV
added 2025/10/08 8:15 p.m., 2 views

CVE-2025-60311

ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...

CVSS 8.8, AI score 5.9, EPSS 0.00406
Exploits 1, References 3

Cvelist
added 2025/10/08 12:0 a.m., 13 views

CVE-2025-60311

ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...

EPSS 0.00406
Exploits 1, References 3

CVE
added 2025/10/08 12:0 a.m., 14 views

CVE-2025-60311

ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the id parameter in profile/edit.php. The root cause is improper input handling of id, enabling attackers to influence SQL queries and potentially access or modify data. Evidence across multiple sources confirms the vulner...

CVSS 8.8, AI score 7.6, EPSS 0.00406
Exploits 1, References 3, Affected Software 1

EUVD
added 2025/10/08 12:0 a.m., 6 views

EUVD-2025-33283

ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...

CVSS 8.8, AI score 7.5, EPSS 0.00406
Exploits 1, References 4

Vulnrichment
added 2025/10/08 12:0 a.m., 5 views

CVE-2025-60311

ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...

AI score 7.6, EPSS 0.00406
Exploits 1, References 3

Positive Technologies
added 2025/10/08 12:0 a.m., 4 views

PT-2025-41305

Name of the Vulnerable Software and Affected Versions ProjectWorlds Gym Management System version 1.0 Description The software is susceptible to SQL Injection through the id parameter in the 'profile/edit.php' page. This allows for potential unauthorized access or modification of data. The affect...

CVSS 8.8, AI score 7.6, EPSS 0.00406
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-26632

Malware in sbrugna...

CVSS 5.4, AI score 5.4, EPSS 0.02144
Exploits 2, References 3

RedhatCVE
added 2025/05/22 6:38 p.m., 7 views

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVSS 5.4, AI score 5.9, EPSS 0.02144
Exploits 2, References 1

Huntr
added 2021/07/02 1:7 a.m., 10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...

AI score 1
Exploits 0

Prion
added 2021/01/29 6:15 a.m., 13 views

Cross site scripting

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVSS 3.5, AI score 5.1, EPSS 0.02144
Exploits 2, References 2, Affected Software 1

UbuntuCve
added 2021/01/29 6:15 a.m., 24 views

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVSS 5.4, AI score 6.1, EPSS 0.02144
Exploits 2, References 3

Cvelist
added 2021/01/29 5:27 a.m., 17 views

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

AI score 5.4, EPSS 0.02144
Exploits 2, References 2

CNVD
added 2018/12/05 12:0 a.m., 4 views

YunoHost Cross-Site Scripting Vulnerability

YunoHost is a Linux-based server operating system. A cross-site scripting vulnerability exists in the profile edit page of the user panel in YunoHost versions 2.7.2 through 2.7.14. A remote attacker can exploit this vulnerability by injecting JavaScript code to manipulate user sessions...

CVSS 5.4, AI score 5.4, EPSS 0.00622
Exploits 1, References 1

Openbugbounty
added 2017/02/04 11:15 p.m., 12 views

urlaubspiraten.de XSS vulnerability

Vulnerable URL: https://www.urlaubspiraten.de/user/profile/travel-alarms/14183/edit

Details:

Description | Value
---|---
Patched: | Yes, at 11.02.2017
Latest check for patch: | 11.02.2017 21:23 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 17517

VIP website...

AI score 6.3
Exploits 0