
29 matches found

Vulnrichment
added 2026/05/27 6:30 p.m. | 4 views

CVE-2026-42197 RELATE Vulnerable to Stored XSS via Unprivileged User Profile

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

CVSS 8.7 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 3
NVD
added 2026/02/01 1:15 p.m. | 3 views

CVE-2022-50952

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

CVSS 6.4 | EPSS 0.00016
Exploits: 0 | References: 3
CVE
added 2026/02/01 12:56 p.m. | 5 views

CVE-2022-50952

CVE-2022-50952 affects Banco Guayaquil 8.0.0 Mobile iOS application. A persistent cross-site scripting vulnerability exists in the TextBox Name Profile input. An attacker can inject malicious script via a POST request that executes on application review without user interaction. The NVD entry lis...

CVSS 6.4 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/01 12:56 p.m. | 4 views

CVE-2022-50952

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

CVSS 6.4 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/01 12:00 a.m. | 3 views

PT-2026-5573

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

CVSS 6.4 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 4
CNNVD
added 2026/02/01 12:00 a.m. | 2 views

Banco Guayaquil cross-site scripting vulnerability

Banco Guayaquil is a community bank mobile application operated by the Ecuadorian company Banco Guayaquil. Version 8.0.0 of Banco Guayaquil contains a cross-site scripting vulnerability. This vulnerability stems from the TextBox Name Profile input field, which has a stored-cross-site scripting...

CVSS 6.4 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/21 12:30 p.m. | 8 views

CVE-2025-41024

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumbe...

CVSS 5.4 | AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 1
NVD
added 2025/12/01 3:15 p.m. | 2 views

CVE-2025-63527

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 8.5 | EPSS 0.00027
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/03 12:00 a.m. | 3 views

PT-2025-44771

Name of the Vulnerable Software and Affected Versions: Simple User Management System with PHP-MySQL version 1.0. Description: The Simple User Management System with PHP-MySQL fails to properly sanitize user input in the Profile Section, allowing attackers to inject and execute arbitrary JavaScript...

CVSS 4.6 | AI score 5.9 | EPSS 0.00028
Exploits: 1 | References: 3
OSV
added 2025/10/13 12:15 a.m. | 0 views

CVE-2025-11651

A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

CVSS 8.7 | AI score 6.1 | EPSS 0.00337
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-18543

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00181
Exploits: 1 | References: 2
Packet Storm
added 2025/07/30 12:00 a.m. | 86 views

Create School Management System 1.0 Cross Site Scripting

Create School Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Hello Full Disclosure community, I’m sharing details of a recently assigned CVE affecting a widely used open‑source School Management System PHP/MySQL...

CVSS 8.2 | AI score 6 | EPSS 0.00186
Exploits: 2
CNNVD
added 2025/05/30 12:00 a.m. | 1 views

FreeScout cross-site scripting vulnerability

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by an arbitrary client profile that improperly validates user-supplied input. No detailed...

CVSS 6.1 | AI score 6.3 | EPSS 0.00165
Exploits: 1 | References: 2
CNNVD
added 2025/04/08 12:00 a.m. | 1 views

Vulnerability-Lookup cross-site scripting vulnerability

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup versions prior to 2.7.1, which stems from an unneutralized input in a user profile resulting in stored cross-site...

CVSS 6.4 | AI score 5.5 | EPSS 0.00384
Exploits: 0 | References: 3
OSV
added 2025/03/28 10:15 a.m. | 0 views

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1
Vulnrichment
added 2022/09/29 8:05 p.m. | 3 views

CVE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...

CVSS 4.3 | AI score 4.6 | EPSS 0.00529
Exploits: 0 | References: 3
CNNVD
added 2022/01/10 12:00 a.m. | 1 views

Laundry Booking Management System security vulnerability

Laundry Booking Management System is a PHP project called Laundry Booking Management System. A remote code execution vulnerability exists in Laundry Booking Management System, which stems from a failure to properly validate input data in profile.php, and can be exploited by attackers to execute...

CVSS 9.8 | AI score 6.7 | EPSS 0.03368
Exploits: 1 | References: 3
NVD
added 2018/02/07 9:29 p.m. | 10 views

CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field...

CVSS 5.4 | AI score 5.3 | EPSS 0.00181
Exploits: 1 | References: 1
NVD
added 2018/02/07 9:29 p.m. | 13 views

CVE-2018-6795

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field...

CVSS 5.4 | AI score 5.2 | EPSS 0.00181
Exploits: 1 | References: 1
OSV
added 2018/02/07 9:29 p.m. | 0 views

CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field...

CVSS 5.4 | AI score 5.8 | EPSS 0.00181
Exploits: 1 | References: 1