6 matches found

OSV
added 2026/02/27 8:17 a.m., 2 views

CVE-2026-0871

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

CVSS 4.9 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4

NVD
added 2026/01/16 12:16 a.m., 1 views

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

CVSS 5.4 | EPSS 0.00017
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/15 12:0 a.m., 2 views

PT-2026-3178

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

CVSS 7.2 | AI score 6.3 | EPSS 0.00017
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/18 11:36 p.m., 0 views

CVE-2023-53918

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...

CVSS 6.1 | AI score 6.3 | EPSS 0.00024
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/17 12:0 a.m., 1 views

PT-2025-51956

Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9. Description: PodcastGenerator version 3.2.9 has a stored cross-site scripting issue. A malicious JavaScript payload can be injected into the episode title field through the episodes upload interface, specifically...

CVSS 6.1 | AI score 6.3 | EPSS 0.00024
Exploits: 1 | References: 5

CNNVD
added 2023/01/26 12:0 a.m., 1 views

HFish cross-site scripting vulnerability

HFish is a community-based free honeypot open-sourced by HFish.io. A security vulnerability exists in HFish version 0.5.1. Attackers can use the vulnerability to insert a payload at the location of the input name; when the administrator views the information, it will trigger a cross-site scripting...

CVSS 6.1 | AI score 5.9 | EPSS 0.00234
Exploits: 1 | References: 2