CVE-2026-40544 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

CVE-2026-40544

SOPlanning is affected by a Stored XSS in the backup feature. An authenticated attacker with backup access can upload a crafted ZIP containing a malicious user.csv; the injected script executes in victims’ browsers when they click Edit on the malicious backup. Affected: SOPlanning v1.55 and earli...

CVE-2024-31975

EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button...

MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Vulnerability

Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin adds a feedback...

Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)

Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/19 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...

Loan Management System 1.0 Cross Site Scripting

Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/19 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...