11 matches found
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
EUVD-2020-26909
Malware in sbrugna...
Missing Authentication
backend.ai is vulnerable to Missing Authentication. The vulnerability is due to improper access control caused by lack of authentication checks in the registration feature, allowing arbitrary users to create accounts and access private data even when registration is disabled...
GHSA-WW28-4M4V-CQ4J BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2020-5750
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature...
Vasion Print Cross-Site Scripting Vulnerability
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from a pre-authentication cross-site scripting attack in the badge registration feature...
PT-2024-19502 · WordPress · Event Tickets/Registration
Name of the Vulnerable Software and Affected Versions: Event Tickets and Registration plugin for WordPress versions prior to 5.8.3. Description: The issue allows authenticated attackers with contributor access or higher to extract sensitive data, including emails and street addresses, via the RSVP...
WordPress plugin Mollie Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Weintek Weincloud Authorization Issue Vulnerability
Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. An authorization issue vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to abuse the registration feature and log in to the official website using test...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability (CNVD-2021-06953)
BigProf Online Invoicing System (OIS) is an easy invoicing tool for small businesses, consultants and freelancers created using AppGini. A cross-site scripting vulnerability exists in app/membershipsignup.php and app/admin/pageViewMembers.php in BigProf Online Invoicing System versions prior to 3.1...
Cross site scripting
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg...