Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.4AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 6:30 p.m.15 views

EUVD-2026-28392

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

PHPGurukul Hospital Management System 跨站脚本漏洞

PHPGurukul Hospital Management System is a hospital management system developed by PHPGurukul company, based on PHP and MySQL technologies. The PHPGurukul Hospital Management System v4.0 version has a cross-site scripting vulnerability. This vulnerability stems from the...

5.4CVSS5.6AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.33 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.4 views

CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/13 7:13 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the user name field. An attacker can execute arbitrary code in the context of any user who passively visits a comment page by injecting malicious scripts. Details Cross-site scripting or XSS is a code...

9.3CVSS5.7AI score0.00356EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 5:16 p.m.10 views

CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS0.00356EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/13 4:52 p.m.5 views

CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/13 4:52 p.m.19 views

CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS0.00356EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 4:52 p.m.4 views

CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 4:35 p.m.5 views

GHSA-FC46-R95F-HQ7G Decidim has a cross-site scripting (XSS) in user name

Impact A stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. Patches N/A Workarounds...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Decidim 跨站脚本漏洞

Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim prior to 0.30.5, as well as versions 0.31.0.rc1 to 0.31.0, contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based code execution issue in the use...

9.3CVSS6.3AI score0.00356EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.11 views

PT-2026-32446

Name of the Vulnerable Software and Affected Versions Decidim versions prior to 0.30.5 Decidim versions 0.31.0.rc1 through 0.31.0 Description A stored code execution issue in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References9
RubySec
RubySec
added 2026/04/13 12:0 a.m.21 views

Decidim has a cross-site scripting (XSS) in user name

Impact A stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. Patches N/A Workarounds...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.11 views

PT-2026-30476

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration...

6.9CVSS6.2AI score0.00191EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.5 views

CVE-2019-25477

RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.5 views

CVE-2019-25484

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 9:31 p.m.8 views

EUVD-2019-19756

RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 9:31 p.m.8 views

EUVD-2019-19762

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder