11 matches found
PT-2026-20912
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.8.2 Description ChurchCRM is an open-source church management system. An authenticated user with permission to edit groups could store a JavaScript payload that would execute when the group was viewed in the Group...
CVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265
CVE-2019-25265 affects Online Inventory Manager 3.2, with a stored cross-site scripting flaw in the group description field of the admin Edit Groups page. The vulnerability allows injecting JavaScript that executes when the groups page is viewed, potentially enabling cookie theft and client-side ...
EUVD-2019-19380
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
PT-2026-5801
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities
The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting XSS vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...
Cross-site Request Forgery (CSRF) Vulnerabilities in Pragyan CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pragyan CMS which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerabilities in Pragyan CMS 1.1 The vulnerability exists due to insufficient validation of...
CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via 1 a modified recipients parameter name in a pm.php; 2 the curr parameter to the b badwords aka censorlist or c banlist module in admin.php; or 3 the "Edit groups / Add group...