17 matches found
PT-2026-5037
Name of the Vulnerable Software and Affected Versions: StudioCMS versions prior to 0.2.0 Description: StudioCMS contains a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature. This allows users with the "Visitor" role to access draft content created by Editor,...
CVE-2025-13784
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...
EUVD-2025-199925
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...
yungifez Skuul School Management System vulnerable to XSS via SVG
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...
Cross-site Scripting (XSS)
Overview: yungifez/skuul is a multi school management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the application, which uploaded SVG files directly without sanitization or enforcing content-type restrictions. An attacker can inject and execute...
CVE-2025-47773
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773
Combodo iTop is affected by a cross-site scripting (XSS) vulnerability in the dashboard editing functionality invoked via AJAX calls. The issue affects versions prior to 2.7.13 and prior to 3.2.2; versions 2.7.13 and 3.2.2 are reported to protect rendered HTML content. The root cause is an XSS fl...
EUVD-2012-4380
Malware in sbrugna...
EUVD-2023-45618
Malicious code in bioql PyPI...
CVE-2023-41098
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit...
CVE-2023-41098
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit...
PT-2023-27784 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.174 Description: An issue exists in the DashboardsController.php file, specifically a reflected XSS issue via the id parameter when editing a dashboard. Recommendations: For MISP version 2.4.174, consider disabling the id...
CVE-2021-38156
In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard...
CVE-2021-38156
In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard...
CVE-2017-15990
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/editmyaccountdetail/...