22 matches found
CVE-2026-27639
Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting (XSS) vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives ({!! !!}) in display templates. An authenticated user with the User...
CVE-2025-6778
A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/savesettings.php. The manipulation of the argument sitephone/siteemail/address leads to cross site scripting. It is possible to launch the...
Quiz And Survey Master < 8.1.19 - Multiple Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to show disabled contact fields and delete quiz results...
SUSE CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields...
CVE-2021-39473
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields...
CVE-2021-39473
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields...
Cross site scripting
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields...
CVE-2021-39473
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields...
CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions...
CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions...
CVE-2022-0474
Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions...
OTRS Information Disclosure Vulnerability
OTRS AG OTRSCustomContactFields is an OTRS custom contact fields plugin from OTRS Germany. An information disclosure vulnerability exists in OTRS AG OTRSCustomContactFields, which could be exploited by an attacker to obtain the full list of recipients in a contact field from a customer...
CVE-2021-31934
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object payload in the position or company field that is mishandled in the App Suite UI on a smartphone...
Fedora 32 : roundcubemail (2020-4ccfee6d83)
RELEASE 1.4.7 - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout 7418 - Elastic: Fix context menu paste on th...
Fedora 31 : roundcubemail (2020-5352732865)
RELEASE 1.4.7 - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout 7418 - Elastic: Fix context menu paste on th...
CVE-2018-9283
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...
CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields...
CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields...
DEBIAN-CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields...