Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:36 a.m.8 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

6.1CVSS6.1AI score0.00865EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16717

Malware in sbrugna...

6.1CVSS6.3AI score0.00865EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:22 a.m.3 views

CVE-2017-1000495

QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...

5.4CVSS6.3AI score0.00631EPSS
Exploits1References1
Snyk
Snyk
added 2024/09/30 5:48 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the real name field due to improper user input sanitization. This is only exploitable if the user has the editmyprivateinfo right or similar permissions that allow them to modify their real name. Details...

5.4CVSS5.3AI score0.00434EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.3 views

PT-2024-32649 · Mediawiki · Mediawiki Citizen Skin

Name of the Vulnerable Software and Affected Versions: MediaWiki Citizen Skin versions prior to 2.31.0 Description: The issue allows a user with the editmyprivateinfo right or who can otherwise change their name to perform a self-XSS attack by setting their "real name" to an XSS payload. This can...

5.4CVSS6.2AI score0.00434EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.2 views

PT-2023-4162 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: The issue is related to the lack of protection of the web page structure in the Webmin control panel, allowing a remote attacker to conduct a cross-site scripting XSS attack. This can be exploited to achieve...

5.5CVSS5.8AI score0.00708EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2010-4569

Cross-site scripting XSS vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI...

4.3CVSS5.7AI score0.01724EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.2 views

SUSE CVE-2013-1743

Multiple cross-site scripting XSS vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as...

4.3CVSS5.7AI score0.02824EPSS
Exploits0References3
CNVD
CNVD
added 2019/01/30 12:0 a.m.4 views

ATutor cross-site scripting vulnerability (CNVD-2019-03592)

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in Atutor 2.2.4 and earlier versions. A remote attacker can...

6.1CVSS6.4AI score0.00865EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/01/29 6:0 p.m.21 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

6.3AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/05 12:0 a.m.6 views

QuickApps CMS Cross-Site Scripting Vulnerability

QuickApps CMS is a PHP-based, open source, modular content management system. A cross-site scripting vulnerability exists in the user's real name field in QuickApps CMS version 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service and perform unauthorized operations...

5.4CVSS6.3AI score0.00631EPSS
Exploits1References1
OSV
OSV
added 2018/01/03 2:29 p.m.4 views

CVE-2017-1000495

QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...

5.4CVSS5.8AI score0.00631EPSS
Exploits1References1
CNVD
CNVD
added 2017/10/11 12:0 a.m.2 views

Flyspray stored cross-site scripting vulnerability (CNVD-2017-30492)

Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability that allows authenticated users to gain administrator privileges by injecting JavaScript into...

5.4CVSS5.4AI score0.00805EPSS
Exploits0References1
Rows per page
Query Builder