CVE-2026-25923

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

EUVD-2006-4693

Malware in sbrugna...

EUVD-2009-4899

Malware in sbrugna...

EUVD-2006-2229

Malware in sbrugna...

Ashcs punbb 跨站脚本漏洞

PunBB is a lightweight PHP-based forum system distributed under the GNU General Public License. A cross-site scripting vulnerability exists in the email BBcode tag in versions of PunBB prior to 1.4.6. An attacker can exploit this vulnerability to inject arbitrary JavaScript into any forum message...

Community Server - Stored Cross-Site Scripting in User's Signature

Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed by Telligent. It uses ASP.NET platform C and Microsoft SQL Server database. From it's 5.0 version, the software was renamed to...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

Cross site scripting

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2008-6885

Cross-site scripting XSS vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...

CVE-2008-6885

Cross-site scripting XSS vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...

CVE-2006-6741

CVE-2006-6741 concerns a CSRF vulnerability in the urlobox component of MKPortal. The issue allows remote attackers to delete arbitrary administrator messages by triggering a delete operation embedded in an img BBcode tag. Affected software is MKPortal (specifically the urlobox feature); underlyi...

CVE-2006-3761

Cross-site scripting XSS vulnerability in inc/functionspost.php in MyBB aka MyBulletinBoard 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javacript"...

PT-2006-4106 · Unknown · Cjguestbook

Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier Description: The issue concerns a cross-site scripting XSS vulnerability. It allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a javascript URI in an img BBCode tag, or a JavaScript event in a 2 url BBCode tag or 3 color BBCode tag...

Cross site scripting

Cross-site scripting XSS vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag...

CVE-2006-1223

CVE-2006-1223 affects Jupiter Content Manager 1.1.5 and earlier. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary script or HTML via a Javascript URI in the image BBcode tag. Impact is client-side script execution; no further exploit details or pa...

CVE-2006-0233

CVE-2006-0233 refers to a cross-site scripting (XSS) vulnerability in the PHP file functions.php of the microBlog 2.0 RC-10 package. The issue allows remote attackers to execute arbitrary web script and HTML by supplying a javascript: URI in a [url] BBCode tag, potentially compromising user sessi...

CVE-2006-0233

Cross-site scripting XSS vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a url BBcode tag...