CVE-2026-42197 RELATE Vulnerable to Stored XSS via Unprivileged User Profile
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2022-50952
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...
CVE-2022-50952
CVE-2022-50952 affects Banco Guayaquil 8.0.0 Mobile iOS application. A persistent cross-site scripting vulnerability exists in the TextBox Name Profile input. An attacker can inject malicious script via a POST request that executes on application review without user interaction. The NVD entry lis...
Banco Guayaquil Cross-Site Scripting Vulnerability
Banco Guayaquil is a community bank mobile application operated by the Ecuadorian company Banco Guayaquil. Version 8.0.0 of Banco Guayaquil contains a cross-site scripting vulnerability. This vulnerability stems from the TextBox Name Profile input field, which has a stored cross-site scripting...
PT-2026-5573
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...
CVE-2025-41024
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumbe...
CVE-2025-63527
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
PT-2025-44771
Name of the Vulnerable Software and Affected Versions: Simple User Management System with PHP-MySQL version 1.0. Description: The Simple User Management System with PHP-MySQL fails to properly sanitize user input in the Profile Section, allowing attackers to inject and execute arbitrary JavaScript...
CVE-2025-11651
A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to a buffer overflow. The attack can be carried out remotely. The exploit ha...
EUVD-2018-18543
Malware in sbrugna...
Create School Management System 1.0 Cross Site Scripting
Create School Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Hello Full Disclosure community, I’m sharing details of a recently assigned CVE affecting a widely used open‑source School Management System PHP/MySQL...
FreeScout Cross-Site Scripting Vulnerability
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by an arbitrary client profile that improperly validates user-supplied input. No detailed...
Vulnerability-Lookup Cross-Site Scripting Vulnerability
Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup versions prior to 2.7.1, which stems from an unneutralized input in a user profile resulting in stored cross-site...
CVE-2019-16149
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...
CVE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...
Laundry Booking Management System Security Vulnerability
Laundry Booking Management System is a PHP project called Laundry Booking Management System. A remote code execution vulnerability exists in Laundry Booking Management System, which stems from a failure to properly validate input data in profile.php, and can be exploited by attackers to execute...
Cross site scripting
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field...
CVE-2018-6796
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field...
CVE-2018-6795
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field...