50 matches found
CVE-2026-4168 Tecnick TCExam Group tce_edit_group.php cross site scripting
A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly...
CVE-2026-4168
Tecnick TCExam 16.5.0 contains a cross-site scripting vulnerability in /admin/code/tce_edit_group.php (Group Handler) via manipulation of the Name parameter. The issue is exploitable remotely and an exploit is publicly available. Vendor could not reproduce fully, and the description notes that th...
PT-2025-45044
Name of the Vulnerable Software and Affected Versions: Galette versions 1.1.5.2 and below Description: Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert a Cross-site Scripting (XSS) payload. This...
Galette Security Vulnerability
Galette is an open source membership management web application for non-profit organizations. A security vulnerability exists in Galette version 1.1.5.2 and earlier, which stems from a vulnerability that allows users to edit group names and insert XSS payloads, potentially leading to...
EUVD-2019-8023
Malware in sbrugna...
EUVD-2018-8942
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to...
CVE-2024-56324
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
CVE-2023-27059
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2020-10406
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload...
CVE-2025-26345
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...
CVE-2020-13566
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/editgroup.php, when the POST parameter action is “Delete”, the POST parameter deletegroup leads to a SQL...
CVE-2024-42580
A Cross-Site Request Forgery (CSRF) in the component editgroup.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a warehouse inventory management system by individual developer Siamon Hasan. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editgroup.php component not adequately verifying that a request comes from a trusted...
PT-2024-30042 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version 2.0 Description: A Cross-Site Request Forgery (CSRF) issue in the edit group.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version 2.0, consider disabli...
CVE-2024-41353
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php...
DataHub Security Breach
DataHub is datahub-project's open source metadata platform for a modern data stack. A security vulnerability exists in versions of DataHub prior to 0.12.0 that stems from allowing a low-privileged user to delete a user, edit a group member, or edit another user's profile information...
URL Shortify < 1.7.9.1 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Multiple parameters in the plugin's...
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
PT-2023-25800 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...