46 matches found
PT-2023-24701 · Huawei · Hms Core
Name of the Vulnerable Software and Affected Versions: HMS Core affected versions not specified Description: The issue is related to a version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and lead ...
CVE-2023-34162
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that originates from a version upgrade judgment vulnerability in the user profile module, which can be exploite...
CVE-2022-1087
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...
CVE-2022-1087 htmly Edit Profile Module cross site scripting
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...
CVE-2022-1087
CVE-2022-1087 affects htmly 5.3, specifically the Edit Profile Module. The vulnerability enables persistent cross-site scripting by manipulating the Title field with script tags. Exploitation is remote and requires authentication; a POC has been publicly disclosed. Multiple connected sources corr...
htmly 跨站脚本漏洞
HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in the Edit Profile Module of htmly version 5.3, which can lead to persistent cross-site scripting attacks...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...
CVE-2021-25791
Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...
CVE-2021-25791
CVE-2021-25791 affects Online Doctor Appointment System 1.0 and describes multiple stored XSS in the Update Profile module. Vulnerable component: First Name, Last Name, and Address fields where user input is stored and later rendered. Impact: authenticated users can execute arbitrary web scripts ...
Online Doctor Appointment System 跨站脚本漏洞
Online Doctor Appointment System is an online doctor appointment system developed using PHP, JavaScript and CSS. A cross-site scripting vulnerability exists in Online Doctor Appointment System 1.0 that allows an authenticated attacker to execute arbitrary web script or HTML via a crafted payload ...
ImpressCMS 跨站脚本漏洞
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS profile version 1.4.2, which stems from a Display Name field that is not validly filtered for inpu...
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link:...
Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting
Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link: https://sourceforge.net/projects/forma/files/latest/download Tested on: XAMPP for Linux 64b...
DRUPAL-CONTRIB-2020-004
The Profile module enables you to allow users to have configurable user profiles. The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users...
CVE-2017-12138
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter...
XOOPS Core /modules/profile/index.php redirection vulnerability
XOOPS is XOOPS team development and maintenance of a set of open source PHP and MySQL based content management system . XOOPS /modules/profile/index.php file has a redirection vulnerability that allows attackers to construct malicious URIs, entice users to parse, redirect users to any WEB site fo...
Drupal UC Profile Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.UC Profile is one of the modules used to create and configure user profiles and files. An information disclosure vulnerability exists in the Drupal UC Profile module in versions 6.x-1.x...
Elefant CMS 1.3.9 Cross Site Scripting
Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability
Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...