
137 matches found

NVD
added 2026/05/28 9:16 p.m. · 6 views

CVE-2026-41897

Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

CVSS 5.3 · EPSS 0.00049
Exploits 0 · References 3

Github Security Blog
added 2026/05/11 7:34 p.m. · 7 views

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page (bugupdatepage.php) allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact: Session theft leading to admin account takeover, full project data access....

CVSS 5.4 · AI score 6.8 · EPSS 0.00033
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2026/03/26 3:2 p.m. · 6 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

CVSS 9.1 · AI score 6.2 · EPSS 0.0004
Exploits 0 · References 1

NVD
added 2026/03/18 10:16 p.m. · 1 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

CVSS 9.1 · EPSS 0.0004
Exploits 0 · References 1

Vulnrichment
added 2026/03/18 9:1 p.m. · 3 views

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

CVSS 9.1 · AI score 6.1 · EPSS 0.0004
Exploits 0 · References 1

NVD
added 2026/02/27 9:16 a.m. · 3 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 · EPSS 0.00045
Exploits 0 · References 4

CVE
added 2026/02/27 8:24 a.m. · 14 views

CVE-2026-2383

CVE-2026-2383 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Simple Download Monitor (versions up to and including 4.0.5). The issue arises from insufficient input sanitization and output escaping in a custom field, allowing authenticated attackers with at least Con...

CVSS 6.4 · AI score 6 · EPSS 0.00045
Exploits 0 · References 4

Cvelist
added 2026/02/27 8:24 a.m. · 19 views

CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 · EPSS 0.00045
Exploits 0 · References 4

Vulnrichment
added 2026/02/27 8:24 a.m. · 2 views

CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 · AI score 5.9 · EPSS 0.00045
Exploits 0 · References 4

Patchstack
added 2026/01/26 7:9 a.m. · 3 views

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability discovered by Balamurugan R in WordPress Plugin User Submitted Posts versions <= 20251210...

CVSS 7.2 · AI score 5.9 · EPSS 0.00212
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2026/01/24 8:26 a.m. · 26 views

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 · EPSS 0.00212
Exploits 0 · References 2

Vulnrichment
added 2025/11/11 12:17 p.m. · 2 views

CVE-2025-41104 Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'customfield1' in '/estimaterequests/saveestimaterequest'...

CVSS 5.1 · AI score 6.9 · EPSS 0.00025
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-25553

Malware in sbrugna...

CVSS 4.8 · AI score 5.2 · EPSS 0.00215
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-17976

Malware in sbrugna...

CVSS 4.8 · AI score 4.9 · EPSS 0.00745
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-8340

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 9 · EPSS 0.00245
Exploits 0 · References 2

Cvelist
added 2025/09/21 12:2 a.m. · 8 views

CVE-2025-10758 htmly Custom Field post cross site scripting

A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The...

CVSS 4.8 · EPSS 0.00052
Exploits 1 · References 4

Vulnrichment
added 2025/09/21 12:2 a.m. · 4 views

CVE-2025-10758 htmly Custom Field post cross site scripting

A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The...

CVSS 4.8 · AI score 5.2 · EPSS 0.00052
Exploits 1 · References 4

RedhatCVE
added 2025/03/29 12:15 p.m. · 13 views

CVE-2025-30856

Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager (custom-field-for-wp-job-manager) allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through <= 1.4...

CVSS 4.3 · AI score 7.2 · EPSS 0.00245
Exploits 0 · References 1

Patchstack
added 2025/01/16 6:41 p.m. · 2 views

WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Simple Custom post type custom field versions <= 1.0.3...

CVSS 7.1 · AI score 6.1 · EPSS 0.00112
Exploits 0 · Affected Software 1

CVE
added 2025/01/07 2:57 p.m. · 376 views

CVE-2025-22294

CVE-2025-22294 affects the WordPress plugin Custom Field For WP Job Manager (Gravity Master) versions n/a through 1.3. The issue is a Reflected Cross-Site Scripting vulnerability caused by improper neutralization of input during web page generation. The CVSS v3.1 base score is 7.1 (HIGH) with net...

CVSS 7.1 · AI score 7.2 · EPSS 0.00152
Exploits 1 · References 1