43 matches found
CVE-2021-47934
MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...
PT-2026-41448
Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...
MyBB Timeline Plugin 跨站脚本漏洞
The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...
CVE-2026-1750
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672
The CVE-2026-24672 entry concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, authenticated students could inject stored JavaScript into user profile fields, which executes when users with viewing privileges access affected pages. The vulnerability has been patched in ve...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
EUVD-2026-5237
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
PT-2026-4784
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...
CVE-2026-1008
CVE-2026-1008 describes a stored XSS in Altium 365 profile text fields due to insufficient server-side input sanitization. The vulnerability allows authenticated users to inject arbitrary HTML/JavaScript payloads using whitespace-based attribute parsing bypass techniques. The payload is persisted...
CVE-2023-31073
Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through...
CVE-2024-58289
CVE-2024-58289 describes a stored cross-site scripting (XSS) in Microweber 2.0.15, where an authenticated attacker can inject script payloads into user profile fields (notably the First Name) that execute when other users view the profile. Multiple connected sources confirm the vulnerability and ...
Microweber 跨站脚本漏洞
Microweber is Microweber open source online store management system that provides drag and drop functionality. The system includes modules for adding products, images and more. A cross-site scripting vulnerability exists in Microweber version 2.0.15, which stems from the presence of stored...
PT-2025-44661
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay Portal versions 7.4 update 35 through update 92 Description The software contains...
EUVD-2017-6247
Malware in sbrugna...
EUVD-2006-1811
Malware in sbrugna...
EUVD-2006-1810
Malware in sbrugna...
EUVD-2007-5539
Malware in sbrugna...