Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.7 views

CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS6.1AI score0.02537EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/10/20 10:30 p.m.10 views

CVE-2025-11946

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.4CVSS3.7AI score0.00329EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/20 12:30 a.m.6 views

EUVD-2025-35010

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.1CVSS5.1AI score0.00329EPSS
Exploits1References6
NVD
NVD
added 2025/10/19 10:15 p.m.8 views

CVE-2025-11946

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.4CVSS0.00329EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/19 9:32 p.m.4 views

CVE-2025-11946 LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.1CVSS3.7AI score0.00329EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/19 9:32 p.m.14 views

CVE-2025-11946 LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.1CVSS0.00329EPSS
Exploits1References5
CVE
CVE
added 2025/10/19 9:32 p.m.21 views

CVE-2025-11946

CVE-2025-11946 affects LogicalDOC Community Edition up to 9.2.1. The issue stems from incorrect handling of parameters in /frontend.jsp (Add Contact Page), where manipulation of First Name/Last Name/Company/Address/Phone/Mobile can trigger cross-site scripting. Remote exploitation is possible, an...

5.4CVSS5.3AI score0.00329EPSS
Exploits1References5Affected Software1
Hacker One
Hacker One
added 2025/06/04 9:13 a.m.14 views

MainWP: Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin

A stored cross-site scripting XSS vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" Contact Name field, where user input was not properly sanitized before rendering it back into the DOM. As a result, an attacker could inject malicious...

5.6AI score
Exploits0
OSV
OSV
added 2024/01/31 3:12 p.m.11 views

BIT-CIVICRM-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS5.2AI score0.02537EPSS
Exploits4References2
OSV
OSV
added 2023/05/23 1:15 a.m.1 views

DEBIAN-CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS6AI score0.02537EPSS
Exploits4References1
NVD
NVD
added 2023/05/23 1:15 a.m.37 views

CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS5.3AI score0.02537EPSS
Exploits4References2
OSV
OSV
added 2023/05/23 1:15 a.m.1 views

UBUNTU-CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS6.2AI score0.02537EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.8 views

PT-2023-20063 · Civicrm +1 · Civicrm +1

Name of the Vulnerable Software and Affected Versions: CiviCRM version 5.59.alpha1 Description: A Stored Cross Site Scripting XSS issue exists in the add contact function, allowing attackers to execute arbitrary code in the first/second name field. Recommendations: For CiviCRM version 5.59.alpha1...

5.4CVSS5.7AI score0.02537EPSS
Exploits4References16
CVE
CVE
added 2023/05/23 12:0 a.m.66 views

CVE-2023-25440

CVE-2023-25440 affects CiviCRM 5.59.alpha1. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Add Contact function, exploitable via the first/second name fields, enabling an attacker to execute arbitrary scripts when the page loads. Multiple connected sources confirm the issue and r...

5.4CVSS5.3AI score0.02537EPSS
Exploits4References2Affected Software1
exploitpack
exploitpack
added 2015/08/12 12:0 a.m.24 views

Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting

Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting Document Title: =============== Printer Pro 5.4.3 IOS - Cross Site Scripting Credits & Authors: ================== TaurusOmar - @TaurusOmar [email protected] taurusomar.blogspot.com Release Date: ============= 2015-08-11 Product & Servi...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2010/09/03 12:0 a.m.22 views

Easypush Server Manager Persistent Xss Vulnerability

No description provided by source. Name : Easypush Server Manager Persistent Xss Vulnerability Date : Sept,1 2010 Vendor Url : http://deeproot.in/ Author : Sid3^effects aKa HaRi shellc99atyahoo.com Big hugs : Th3 RDX,Hananbutt special thanks to : r0073r inj3ct0r.com,L0rd...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/09/01 12:0 a.m.32 views

Easypush Server Manager Persistent Xss Vulnerability

Exploit for php platform in category web applications ==================================================== Easypush Server Manager Persistent Xss Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...

7.1AI score
Exploits0
Prion
Prion
added 2009/05/21 2:30 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Communications Express 6 2005Q4 aka 6.2 and 6.3 allow remote attackers to inject arbitrary web script or HTML via 1 the abpersondisplayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...

4.3CVSS6AI score0.05326EPSS
Exploits2References13Affected Software1
NVD
NVD
added 2009/05/21 2:30 p.m.38 views

CVE-2009-1729

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Communications Express 6 2005Q4 aka 6.2 and 6.3 allow remote attackers to inject arbitrary web script or HTML via 1 the abpersondisplayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...

4.3CVSS5.7AI score0.05326EPSS
Exploits2References13
Rows per page
Query Builder