GHSA-MQHG-V22X-PQJ8 Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users
Summary SSTI is possible via first name and last name parameters provided by lowest-privileged users. Details 1. Go to http://127.0.0.1:8000/ and login or signup 2. Go to http://127.0.0.1:8000/customer/account/profile 3. Now edit the first name and last name to 77 4. Notice it appears as 49 POC -...
CVE-2025-60311
ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...
CVE-2025-60311
ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the id parameter in profile/edit.php. The root cause is improper input handling of id, enabling attackers to influence SQL queries and potentially access or modify data. Evidence across multiple sources confirms the vulner...
EUVD-2025-33283
ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page...
PT-2025-41305
Name of the Vulnerable Software and Affected Versions ProjectWorlds Gym Management System version 1.0 Description The software is susceptible to SQL Injection through the id parameter in the 'profile/edit.php' page. This allows for potential unauthorized access or modification of data. The affect...
EUVD-2021-26632
Malware in sbrugna...
CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field, as tested on the latest release. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Log in to the user account. 3. Enter the s"' payload in the City...
Cross site scripting
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...
YunoHost Cross-Site Scripting Vulnerability
YunoHost is a Linux-based server operating system. A cross-site scripting vulnerability exists in the profile edit page of the user panel in YunoHost versions 2.7.2 through 2.7.14. A remote attacker can exploit this vulnerability by injecting JavaScript code to manipulate user sessions...
urlaubspiraten.de XSS vulnerability
Vulnerable URL: https://www.urlaubspiraten.de/user/profile/travel-alarms/14183/edit
Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 11.02.2017 |
| Latest check for patch: | 11.02.2017 21:23 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 17517 |
| VIP website | ... |