18 matches found
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
GHSA-Q769-PHQG-263R VaahCMS is vulnerable to XSS through its Avatar Upload endpoint
Cross-Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
VaahCMS 2.3.1 is affected by a Stored XSS via the Avatar Upload endpoint in storeAvatar() of UserBase.php. The vulnerability stems from saving the uploaded file to a public path before content/MIME-type validation, allowing an attacker to place a crafted SVG that can execute script when rendered....
EUVD-2025-5723
Malicious code in bioql PyPI...
CVE-2025-23553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...
CVE-2025-23553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...
CVE-2025-23553 WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through = 1.0...
CVE-2025-23553 WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Cramer Userbase Access Control allows Reflected XSS. This issue affects Userbase Access Control: from n/a through 1.0...
CVE-2025-23553
CVE-2025-23553 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WordPress Userbase Access Control (versions
WordPress plugin Userbase Access Control 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Userbase Access Control versions = 1.0...
xss bypass the filter
Description hi,@maintainer.The filter you use to clean xss is unsafe.Please choose an xss filter with a large number of users and a high evaluation Video link You can watch my video through this link first. link https://drive.google.com/file/d/1mh9hiDxmybLQGPw-z36qBdsEcEOoPw8/view?usp=sharelink...
Xenforo Forum CMS 1.5.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications +---------------------------------------------------------+ | Vulnerable Software: Xenforo Forum CMS | | Vendor: http://xenforo.com | | Vulnerability Type: Persistent XSS authenticated | | Date Released: 07/04/2017 | | Released by: MLT |...
Twitter Gains Team From Mitro Password Management Company
Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The...