Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.29 views

PT-2026-40941

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the display name field before sanitization occurs. Attackers can submit HTML and script markup in the username field duri...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18767

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00421EPSS
Exploits1References5
CNVD
CNVD
added 2025/06/27 12:0 a.m.3 views

Online Shoe Store customer_signup.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /function/customersignup.php. An attacker can exploit this vulnerability...

9.8CVSS8.3AI score0.00421EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.5 views

CVE-2025-6354

A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customersignup.php. The manipulation of the argument email leads to sql injection. The attack may be launched...

9.8CVSS7.7AI score0.00421EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/20 4:31 p.m.3 views

CVE-2025-6354 code-projects Online Shoe Store customer_signup.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customersignup.php. The manipulation of the argument email leads to sql injection. The attack may be launched...

7.5CVSS7.6AI score0.00421EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.7 views

PT-2025-26445 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. The issue affects an unknown functionality of the file /function/customer signup.php. The manipulation of...

9.8CVSS7.6AI score0.00421EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.2 views

Code-Projects Online Shoe Store 注入漏洞

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /function/customersignup.php. An attacker can exploit this vulnerability...

9.8CVSS8.1AI score0.00421EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/06/21 6:31 p.m.22 views

Broadleaf vulnerable to Cross-site Scripting

Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.7-GA...

6.1CVSS5.7AI score0.00498EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/06/21 4:15 p.m.17 views

CVE-2023-33725

Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...

6.1CVSS5.9AI score0.00498EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/21 4:15 p.m.4 views

CVE-2023-33725

Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...

6.1CVSS6.2AI score0.00498EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/21 12:0 a.m.23 views

CVE-2023-33725

Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting XSS vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...

6.1AI score0.00498EPSS
Exploits1References1
Atlassian
Atlassian
added 2018/03/15 1:17 a.m.557 views

Honeypot strategy is no longer effectively preventing spam account signup

panel:title=Fix From 3.9.5 onwards we have turned off the honeypot in favour of using captcha anyone affected by this issue just needs to switch the CAPTCHA on...

7.4AI score
Exploits0Affected Software1
Rows per page
Query Builder