CVE-2025-13180 Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVE-2025-13178

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

CVE-2017-17903

CVE-2017-17903 affects FS Lynda Clone (video tutorial software) and is caused by a cross-site request forgery (CSRF) vulnerability in the /user/edit_profile endpoint, allowing an attacker to cause changes to the user panel by forging requests. The vulnerability’s impact is described in the initia...

Sql injection

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 City, 2 Interest, 3 Email, 4 Icq, 5 msn, or 6 Yahoo Messenger field in an editprofile action...

CVE-2008-3191

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 City, 2 Interest, 3 Email, 4 Icq, 5 msn, or 6 Yahoo Messenger field in an editprofile action...