34 matches found
CVE-2026-1953 Stored Cross-Site Scripting (XSS) in Nukegraphic CMS V3.1.2
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
EUVD-2017-9038
Malware in sbrugna...
EUVD-2019-2919
Malware in sbrugna...
EUVD-2005-2194
Malware in sbrugna...
EUVD-2012-1057
Malware in sbrugna...
EUVD-2017-9040
Malware in sbrugna...
EUVD-2024-49124
Malicious code in bioql PyPI...
CVE-2025-31487
The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
CVE-2024-8366
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input alert...
PT-2024-38971 · Code Projects · Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A vulnerability was found in the Update My Profile Page component of the Pharmacy Management System. The issue affects an unknown part of the file /index.php?id=userProfileEdit...
CVE-2023-52060
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
GESTSUP Security Vulnerabilities
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A security vulnerability exists in GESTSUP version v3.2.46, which stems from the presence of a cross-site request forgery (CSRF) vulnerability that...
CVE-2023-29514
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki...
CVE-2023-29523
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...
CVE-2023-29514
XWiki Platform is affected by a Code Injection vulnerability in the template provider administration (CVE-2023-29514). Any user with edit rights on a document can execute code with programming rights, enabling remote code execution. Red Hat, OSV, CVE listings and OpenVAS/third-party advisories co...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/user-guid/ user edition endpoint could permit any logged-in user to increase their own permissions via a userpermissions array in a PATCH request. A guest user could modify other users' profiles and much more...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️‍♂️ Proof of Concept Step to reproduce: Go to /admin/pageSettings.php?search-settings=smtp and the payload: ""@x.y in the "Senders...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...