CVE-2026-3984

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...

EUVD-2026-11533

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2026-3984

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2026-3984 Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site scripting

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...

CampCodes Division Regional Athletic Meet Game 代码注入漏洞

CampCodes Division Regional Athletic Meet Game is a sports competition system developed by the Philippines-based company CampCodes. Version 2.1 of CampCodes Division Regional Athletic Meet Game has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...

FITSTATS Technologies AthleteMonitoring 代码注入漏洞

FITSTATS Technologies AthleteMonitoring is an athlete health and performance management system from FITSTATS Technologies, Inc. for optimizing athlete performance, preventing injuries, and managing data. A code injection vulnerability exists in FITSTATS Technologies AthleteMonitoring 20250302 and...

athleteguild.com Cross Site Scripting vulnerability OBB-3846607

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Windsor Strava Athlete Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Windsor Strava Athlete Type Plugin Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f40641265386 Credits Rafie Muhammad Patchstack...

CVE-2023-3383

A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...

PT-2023-24509 · Sourcecodester · Sourcecodester Game Result Matrix System

Name of the Vulnerable Software and Affected Versions: SourceCodester Game Result Matrix System version 1.0 Description: A critical issue was found in the GET Parameter Handler component, specifically affecting the /dipam/athlete-profile.php file. The manipulation of the id argument leads to SQL...

WordPress Windsor Strava Athlete plugin <= 1.3.6 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Windsor Strava Athlete plugin versions = 1.3.6. Solution No patched version available...

DOJ: Creep Coach Finagles Nude Athlete Photos

A former track-and-field coach who worked at several universities has been arrested and is facing up to five years in prison for attempting to solicit nude photos of his athletes through sham social-media accounts and cyberstalking. The Department of Justice alleged that Steve Waithe, while...

NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk

NFL and NBA athletes whose social-media accounts were taken over have been thrown the ball of justice. Multiple professional and semi-pro athletes were victimized by two men who infiltrated their personal accounts, according to testimony in federal court on Wednesday. Trevontae Washington of...

naturalathleteclub.com XSS vulnerability

Open Bug Bounty ID: OBB-457933 Description| Value ---|--- Affected Website:| naturalathleteclub.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

Sports Accelerator Suite 2.0 - (news_id) Remote SQL Injection Vulnerability

No description provided by source. Sports Accelerator Suite v2.0 newsid Remote SQL Injection Vulnerability Vendor: Athlete Web Services, Inc. / AWS Sports Product Web Page: http://www.athletewebservices.com Summary: Content Management System PHP+MySQL. Description: The CMS is vulnerable to an SQL...

In search of the Twitter Hacker !

Labor woes. Steroids. Corrupt college programs. There are many serious issues facing the sports world. But they all are a distant second to one other. It's someone so skilled, so savvy, that you may not have even heard of him. The Twitter Hacker. Let's start at the beginning. Or what could be the...

Sports Accelerator Suite 2.0 SQL Injection

Sports Accelerator Suite v2.0 newsid Remote SQL Injection Vulnerability Vendor: Athlete Web Services, Inc. / AWS Sports Product Web Page: http://www.athletewebservices.com Summary: Content Management System PHP+MySQL. Description: The CMS is vulnerable to an SQL Injection attack when input is...

Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulnerability

Exploit for php platform in category web applications =================================================================== Sports Accelerator Suite v2.0 newsid SQL Injection Vulnerability =================================================================== Vendor: Athlete Web Services, Inc. / AWS...

Sports Accelerator Suite 2.0 - news_id SQL Injection

Sports Accelerator Suite 2.0 - newsid SQL Injection Sports Accelerator Suite v2.0 newsid Remote SQL Injection Vulnerability Vendor: Athlete Web Services, Inc. / AWS Sports Product Web Page: http://www.athletewebservices.com Summary: Content Management System PHP+MySQL. Description: The CMS is...

Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

Summary Content Management System PHP+MySQL. Description The CMS is vulnerable to an SQL Injection attack when input is passed to the "newsid" parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and...