29 matches found
CVE-2025-63644
CVE-2025-63644 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, specifically in the user profile Description field. The CVE entry lists CVSS v3.1 details: AV:N, AC:L, PR:L, UI:R, S:C, C:L/I:L, A:N with a base score of 5.4 (Medium). The root cause is a vulnerability in the Description ...
CVE-2025-63644
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...
EUVD-2021-13113
Malware in sbrugna...
EUVD-2020-17806
Malware in sbrugna...
EUVD-2018-18614
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-20279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. CVE-2021-20279 Note...
CVE-2021-26303
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field...
CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager...
CVE-2023-31295
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the User Profile field...
Moodle 3.11.x < 3.11.11 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...
Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...
PHP Point of Sale Cross-Site Scripting Vulnerability
PHP Point of Sale is an online point of sale system for small retail businesses from PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale version 19.0, which stems from a vulnerability in its user profile data field that allows an authenticated attacker to compromise any...
CVE-2022-36284
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin = 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin free should be at least installed to get the extra input field on the user profile page...
Moodle Cross-Site Scripting Vulnerability (CNVD-2021-28734)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in moodle that originates in the user profile field. No detailed vulnerability details are...
CVE-2021-20279
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in moodle that originates in the user profile field. No detailed vulnerability details are...