Lucene search
K

19 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44073

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

8.7CVSS5.9AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.3 views

CVE-2025-63527

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

8.5CVSS0.0028EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/01 12:0 a.m.3 views

CVE-2025-63527

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

8.5CVSS5.5AI score0.0028EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/08 4:47 p.m.3 views

CVE-2025-11398

A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The impacted element is an unknown function of the file /profile.php of the component Profile Page. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be launched...

8.8CVSS6.8AI score0.00389EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.4 views

CVE-2025-60318

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the fname First Name and lname Last Name fields...

5.8AI score0.00225EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-6365

Malware in sbrugna...

6.5CVSS6.4AI score0.0207EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/02 12:19 a.m.5 views

CVE-2025-9715

A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /xcmsassemblecontrol/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be launched remotely. The...

5.4CVSS3.8AI score0.00295EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33416 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in an unknown functionality of the file /profile.php. Manipulation of the mobilenumber argument can lead to SQL injection, allowing for...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References9
CNVD
CNVD
added 2025/07/18 12:0 a.m.2 views

Vehicle Parking Management System profile.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter firstname in the file /users/profile.php that lacks validation of an externally entered SQL statement. An attack...

8.8CVSS7.2AI score0.00318EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.7 views

Code-Projects Library System 注入漏洞

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References6
NVD
NVD
added 2025/06/20 1:15 a.m.8 views

CVE-2025-6288

A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross...

5.4CVSS0.00239EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.3 views

PT-2025-23440 · Unknown · Juzawebcms

Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload...

5.4CVSS3.4AI score0.00278EPSS
Exploits1References11
CNVD
CNVD
added 2025/05/07 12:0 a.m.2 views

Nipah virus Testing Management System profile.php file SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminname/mobilenumber in file...

9.8CVSS8.3AI score0.00432EPSS
Exploits1References1
OSV
OSV
added 2025/03/17 7:15 p.m.2 views

CVE-2025-29427

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting XSS in profile.php via the memberfirst and memberlast parameters...

5.9CVSS5.8AI score0.00241EPSS
Exploits1References1
OSV
OSV
added 2024/12/10 8:15 p.m.4 views

CVE-2024-53481

A Cross Site Scripting XSS vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...

6.1CVSS6.1AI score0.00485EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/11/15 6:15 a.m.6 views

CVE-2023-47446

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting XSS on the profile.php page via fullname parameter...

5.4CVSS6.1AI score0.00419EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.2 views

Online Tours & Travels Management System 代码问题漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. A security vulnerability exists in Online Tours & Travels Management System v1.0, which was discovered to contain an arbitrary file upload vulnerability via the component...

7.2CVSS7.6AI score0.01056EPSS
Exploits1References2
OSV
OSV
added 2018/05/11 2:29 p.m.2 views

CVE-2018-10580

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject aka thread subject field...

5.4CVSS5.8AI score0.01643EPSS
Exploits5References2
CNVD
CNVD
added 2017/01/25 12:0 a.m.1 views

Ghost 'Your profile' page HTML injection vulnerability

Ghost is an open source, controlled platform for building and running modern online publishing. Ghost suffers from an HTML injection vulnerability that stems from a failure to adequately validate user input. An attacker could use this vulnerability to execute specially crafted HTML and script cod...

7.7AI score
Exploits0References1
Rows per page
Query Builder