109 matches found
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
EUVD-2026-33377
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
PT-2026-44875
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
PT-2026-44949
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13162 Description An information disclosure issue exists on the Users and Groups pages. Recommendations Update to version 2026.1.13162...
EUVD-2026-28523
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...
CVE-2026-8136
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...
CVE-2026-8136 SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...
CVE-2026-8136
SourceCodester Pharmacy Sales and Inventory System 1.0 contains a cross-site scripting vulnerability in an unspecified part of /index.php?page=users. The issue arises from manipulating the Name parameter, allowing remote attacker input to be reflected and executed in the browser. Exploitation is ...
CVE-2026-8136 SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...
PT-2026-38657
Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description A flaw in the '/index.php?page=users' endpoint allows for remote cross-site scripting XSS, which occurs when an attacker manipulates the Name argument. Cross-site...
SourceCodester Pharmacy Sales and Inventory System 跨站脚本漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...
CVE-2019-25682
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...
GHSA-FC4P-P49V-R948 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...
PT-2026-25724
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u id' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...
CVE-2026-2179
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be...
PT-2026-7011
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be...
CVE-2025-70891
CVE-2025-70891 is a stored XSS vulnerability in Phpgurukul Cyber Cafe Management System v1.0, affecting the add-users.php endpoint’s uadd parameter. The issue arises from insufficient sanitization/encoding of user input, allowing an authenticated attacker to persistently store arbitrary JavaScrip...