Lucene search

9 matches found

Vulnrichment
added 2026/03/16 9:36 a.m. · 2 views

CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus

Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa, specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=ID' where the data of users enrolled in the course is exported. Successfu...

8.7 CVSS · 5.8 AI score · 0.00247 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/11/07 1:46 p.m. · 5 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1 CVSS · 5.7 AI score · 0.00319 EPSS
Exploits 1 · References 1
OSV
added 2025/11/05 7:16 p.m. · 4 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1 CVSS · 6 AI score · 0.00319 EPSS
Exploits 1 · References 2
CVE
added 2025/11/05 12:0 a.m. · 9 views

CVE-2025-63416

CVE-2025-63416 is a stored XSS vulnerability in SelfBest platform 2023.3 (chat feature). The issue allows authenticated, low-privileged users to execute arbitrary JavaScript in other sessions, potentially accessing administrative data and performing privilege escalation, including exfiltration of...

9.1 CVSS · 5.5 AI score · 0.00319 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2025/11/05 12:0 a.m. · 8 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

0.00319 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/11/05 12:0 a.m. · 3 views

PT-2025-45153

Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3. Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’...

9.1 CVSS · 5.7 AI score · 0.00319 EPSS
Exploits 1 · References 4
EUVD
added 2025/11/05 12:0 a.m. · 5 views

EUVD-2025-37926

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1 CVSS · 5.3 AI score · 0.00319 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/08/22 12:0 a.m. · 2 views

PT-2024-30147 · Unknown · Kashipara Hotel Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0. Description: The issue is related to Incorrect Access Control. It can be exploited via the "/admin/users.php" API endpoint. There is no information provided about the estimated number of potential...

7.2 CVSS · 6.7 AI score · 0.00535 EPSS
Exploits 1 · References 7
Positive Technologies
added 2022/09/15 12:0 a.m. · 1 views

PT-2022-28272 · Pageflow · Pageflow

Name of the Vulnerable Software and Affected Versions: Pageflow versions prior to 14.5.2; Pageflow versions prior to 15.7.1. Description: The issue allows attackers to update membership objects associated with their own account to be associated with a different account, potentially compromising all...

7.2 AI score
Exploits 0 · References 4