217 matches found
PT-2026-2982
Name of the Vulnerable Software and Affected Versions WP-Members Membership Plugin versions up to and including 3.5.4.3 Description The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Multiple Checkbox and Multiple Select user profile fields...
CVE-2023-31073
Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through...
CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
CVE-2024-58289
CVE-2024-58289 describes a stored cross-site scripting (XSS) in Microweber 2.0.15, where an authenticated attacker can inject script payloads into user profile fields (notably the First Name) that execute when other users view the profile. Multiple connected sources confirm the vulnerability and ...
Microweber 跨站脚本漏洞
Microweber is Microweber open source online store management system that provides drag and drop functionality. The system includes modules for adding products, images and more. A cross-site scripting vulnerability exists in Microweber version 2.0.15, which stems from the presence of stored...
EUVD-2025-201618
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membershipprofile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site...
CVE-2025-63527
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
PT-2025-44661
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay Portal versions 7.4 update 35 through update 92 Description The software contains...
CVE-2025-60318
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the fname First Name and lname Last Name fields...
EUVD-2017-6247
Malware in sbrugna...
EUVD-2006-1810
Malware in sbrugna...
EUVD-2006-1811
Malware in sbrugna...
EUVD-2007-5539
Malware in sbrugna...
EUVD-2018-6751
Malware in sbrugna...
EUVD-2018-6804
Malware in sbrugna...
EUVD-2004-1919
Malware in sbrugna...
EUVD-2019-8935
Malware in sbrugna...
EUVD-2025-8865
Malicious code in bioql PyPI...
EUVD-2022-3929
Malicious code in bioql PyPI...