19 matches found
PT-2026-44073
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2025-63527
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
CVE-2025-63527
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
CVE-2025-11398
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The impacted element is an unknown function of the file /profile.php of the component Profile Page. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be launched...
CVE-2025-60318
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the fname First Name and lname Last Name fields...
EUVD-2007-6365
Malware in sbrugna...
CVE-2025-9715
A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /xcmsassemblecontrol/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be launched remotely. The...
PT-2025-33416 · Sourcecodester · Covid19 Testing Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in an unknown functionality of the file /profile.php. Manipulation of the mobilenumber argument can lead to SQL injection, allowing for...
Vehicle Parking Management System profile.php File SQL Injection Vulnerability
Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter firstname in the file /users/profile.php that lacks validation of an externally entered SQL statement. An attack...
Code-Projects Library System 注入漏洞
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2025-6288
A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross...
PT-2025-23440 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload...
Nipah virus Testing Management System profile.php file SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminname/mobilenumber in file...
CVE-2025-29427
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting XSS in profile.php via the memberfirst and memberlast parameters...
CVE-2024-53481
A Cross Site Scripting XSS vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...
CVE-2023-47446
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting XSS on the profile.php page via fullname parameter...
Online Tours & Travels Management System 代码问题漏洞
Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. A security vulnerability exists in Online Tours & Travels Management System v1.0, which was discovered to contain an arbitrary file upload vulnerability via the component...
CVE-2018-10580
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject aka thread subject field...
Ghost 'Your profile' page HTML injection vulnerability
Ghost is an open source, controlled platform for building and running modern online publishing. Ghost suffers from an HTML injection vulnerability that stems from a failure to adequately validate user input. An attacker could use this vulnerability to execute specially crafted HTML and script cod...