Lucene search
+L

220 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6751

Malware in sbrugna...

5.4CVSS5.4AI score0.01604EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8865

Malicious code in bioql PyPI...

2.7CVSS6.6AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-7467

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00655EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-23298

Malicious code in bioql PyPI...

7.6CVSS6.3AI score0.00467EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3929

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.01282EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-45151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several social user profile fields...

5.4CVSS6.4AI score0.00655EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.8 views

CVE-2025-9393

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument...

9CVSS9AI score0.00871EPSS
Exploits1References1
Veracode
Veracode
added 2025/08/20 11:3 a.m.5 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization due to malicious scripts being injected into user profile fields, which execute in admin browsers...

7.6CVSS6.5AI score0.00467EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/07/31 6:32 p.m.5 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS. , An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...

7.6CVSS5.6AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 6:32 p.m.5 views

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

4.8CVSS5.2AI score0.00467EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/31 6:32 p.m.13 views

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/07/31 6:15 p.m.8 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.11 views

PT-2025-31569 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.9 views

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

5.4CVSS5.8AI score0.00727EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:32 a.m.8 views

CVE-2017-11182

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...

5.4CVSS5.4AI score0.00802EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 5:15 p.m.8 views

CVE-2025-44184

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the websiteimage, fname, lname, contact, username, and address parameters...

4.8CVSS5.8AI score0.00231EPSS
Exploits2References2
OSV
OSV
added 2025/05/02 6:18 a.m.6 views

BIT-MOODLE-2024-43429 Moodle: user information visibility control issues in gradebook reports

A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information...

5.3CVSS5.4AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 2025/03/31 4:32 p.m.121 views

CVE-2025-30369

CVE-2025-30369 affects Zulip where the Delete Organizational Custom Profile Fields API lacked a proper org-bound check, allowing an administrator to delete custom profile fields belonging to a different organization. The root cause is insufficient permission verification in the handler. Impact is...

2.7CVSS3.7AI score0.00256EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 4:32 p.m.26 views

CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

2.7CVSS6.7AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.6 views

Zulip server 安全漏洞

Zulip server is an open source team chat application from Zulip, Inc. in the United States. A security vulnerability exists in versions of Zulip server prior to 10.1, which stems from insufficient permission checking in the Delete Organizational Custom Profile Fields API, which could result in an...

2.7CVSS6.6AI score0.00256EPSS
Exploits0References2
Rows per page
Query Builder