13 matches found
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
EUVD-2019-16717
Malware in sbrugna...
CVE-2017-1000495
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the real name field due to improper user input sanitization. This is only exploitable if the user has the editmyprivateinfo right or similar permissions that allow them to modify their real name. Details...
PT-2024-32649 · Mediawiki · Mediawiki Citizen Skin
Name of the Vulnerable Software and Affected Versions: MediaWiki Citizen Skin versions prior to 2.31.0 Description: The issue allows a user with the editmyprivateinfo right or who can otherwise change their name to perform a self-XSS attack by setting their "real name" to an XSS payload. This can...
PT-2023-4162 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: The issue is related to the lack of protection of the web page structure in the Webmin control panel, allowing a remote attacker to conduct a cross-site scripting XSS attack. This can be exploited to achieve...
SUSE CVE-2010-4569
Cross-site scripting XSS vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI...
SUSE CVE-2013-1743
Multiple cross-site scripting XSS vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as...
ATutor cross-site scripting vulnerability (CNVD-2019-03592)
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in Atutor 2.2.4 and earlier versions. A remote attacker can...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
QuickApps CMS Cross-Site Scripting Vulnerability
QuickApps CMS is a PHP-based, open source, modular content management system. A cross-site scripting vulnerability exists in the user's real name field in QuickApps CMS version 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service and perform unauthorized operations...
CVE-2017-1000495
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...
Flyspray stored cross-site scripting vulnerability (CNVD-2017-30492)
Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability that allows authenticated users to gain administrator privileges by injecting JavaScript into...