220 matches found
EUVD-2018-6751
Malware in sbrugna...
EUVD-2025-8865
Malicious code in bioql PyPI...
EUVD-2022-7467
Malicious code in bioql PyPI...
EUVD-2025-23298
Malicious code in bioql PyPI...
EUVD-2022-3929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-45151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several social user profile fields...
CVE-2025-9393
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization due to malicious scripts being injected into user profile fields, which execute in admin browsers...
Cross-site Scripting (XSS)
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS. , An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...
GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
PT-2025-31569 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...
CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...
CVE-2017-11182
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...
CVE-2025-44184
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the websiteimage, fname, lname, contact, username, and address parameters...
BIT-MOODLE-2024-43429 Moodle: user information visibility control issues in gradebook reports
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information...
CVE-2025-30369
CVE-2025-30369 affects Zulip where the Delete Organizational Custom Profile Fields API lacked a proper org-bound check, allowing an administrator to delete custom profile fields belonging to a different organization. The root cause is insufficient permission verification in the handler. Impact is...
CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...
Zulip server 安全漏洞
Zulip server is an open source team chat application from Zulip, Inc. in the United States. A security vulnerability exists in versions of Zulip server prior to 10.1, which stems from insufficient permission checking in the Delete Organizational Custom Profile Fields API, which could result in an...