CVE-2019-25435

CVE-2019-25435 affects Sricam DeviceViewer 3.12.0.1. The issue is a local, stack‑based buffer overflow in the User Management → Add User function. An attacker with authenticated access can bypass DEP and inject a payload via the Username field to execute arbitrary code through a ROP chain. The re...

CVE-2023-43331

A cross-site scripting XSS vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

EUVD-2025-33292

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

PT-2025-41290

Name of the Vulnerable Software and Affected Versions SourceCodester Student Grades Management System version 1.0 Description A security issue exists in SourceCodester Student Grades Management System. The add user function within the /admin.php file, specifically in the Manage Users Page...

EUVD-2023-47750

Malicious code in bioql PyPI...

PT-2025-37016

Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions prior to 67.7.1 Description: The plugin is susceptible to privilege escalation due to missing validation on a user-controlled key within the MJ gmgt gmgt add user function...

CVE-2025-4889

A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to...

CVE-2023-43331

A cross-site scripting XSS vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2019-7544

An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting XSS vulnerability in the User Name Field...

Cross site scripting

An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting XSS vulnerability in the User Name Field...