PT-2026-33446

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

Classroombookings 安全漏洞

Classroombookings is a school room reservation system developed by Craig A Rodway, based on PHP and MySQL. Versions of Classroombookings 2.17.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function read in the User Display Name Handler component’s...

WordPress Customer Reviews for WooCommerce plugin <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via displayName Parameter vulnerability discovered by shark3y in WordPress Plugin Customer Reviews for WooCommerce versions = 5.93.1...

CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2020-4044

Malware in sbrugna...

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVE-2020-10146

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

CVE-2020-10146 Microsoft Teams displayName stored cross-site scripting vulnerability

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

CVE-2020-10146

CVE-2020-10146 concerns a stored cross-site scripting vulnerability in the Microsoft Teams online service, affecting the displayName parameter. The issue could be exploited on Teams clients to obtain sensitive information such as authentication tokens and potentially execute arbitrary commands. M...

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

Cross site scripting

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVE-2008-1775

Cross-site scripting XSS vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...

CVE-2008-1775

Cross-site scripting XSS vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...