9 matches found
CVE-2026-39328
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...
CVE-2026-39328
ChurchCRM before 7.1.0 has a stored XSS in the person profile editing feature. Non-admin users with EditSelf can inject JavaScript into Facebook, LinkedIn, and X profile fields; due to a 50-character limit, payloads span all three fields and chain onfocus handlers to execute when a profile is vie...
CVE-2026-39328 ChurchCRM has Stored XSS in Social Profile Fields
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...
PT-2026-30952
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...
Linux Distros Unpatched Vulnerability : CVE-2022-45151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several social user profile fields...
The vulnerability of the Moodle course management system lies in the insufficient cleaning of user data in several “social” fields of the user profile. This allows attackers to carry out attacks using cross-site scripting (XSS).
The vulnerability of the Moodle course management system is related to insufficient cleaning of user data in several “social” fields of the user’s profile. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting (XSS) attacks...
UBUNTU-CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...
About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. With a role as low as Contributor, put the following payloads in one of the Social Profi...