11 matches found
WeGIA Cross-Site Script Vulnerabilities
WeGIA is a web manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the user-controlled data was not cleared before rendering the...
EUVD-2018-4094
Malware in sbrugna...
Mattermost Server 10.10.x < 10.10.2 / 10.11.0 Missing Authorization (MMSA-2025-00513)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00513 advisory. - Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or...
Mattermost Missing Authorization vulnerability
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
CVE-2025-9076
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
CVE-2024-25573
Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing...
CVE-2024-25573
CVE-2024-25573 describes a Stored Cross-Site Scripting (XSS) vulnerability in the PingFederate Administrative Console, arising from unsanitized user-supplied data that can trigger JavaScript code execution in subsequent user processing. Affected product: PingFederate Administrative Console (Ping ...
VulnCheck KEV: CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
Invision Power Board 3.3.0 - Local File Inclusion
Invision Power Board 3.3.0 - Local File Inclusion waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0. Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web:...
Tagit! Tagit2b 2.1.B Build 2 - tagminreadconf.php?Admin Remote File Inclusion
Tagit! Tagit2b 2.1.B Build 2 - tagminreadconf.php?Admin Remote File Inclusion source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may all...
CheesyBlog-1.0.txt
New eVuln Advisory: CheesyBlog XSS Vulnerability http://evuln.com/vulns/49/summary.html Summary: Software: CheesyBlog Software's Web Site: http://cheesepizza.net/ Versions: 1.0 Critical Level: Harmless Type: Cross-Site Scripting Class: Remote Status: Unpatched...