21 matches found
CVE-2021-47962 Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...
CVE-2026-26464
Stored XSS in Society Management System Portal V1.0: the /admin/edit_user.php page accepts a name parameter via POST, which can store and execute arbitrary JavaScript when viewed by users (including admins). The provided documents describe the vulnerability and its vector but do not specify affec...
Student Management System /edit_user.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edit_user.php. The vulnerability can be exploited to...
CVE-2025-14226
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and...
itsourcecode Student Management System SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edit_user.php. The vulnerability can be exploited to...
CVE-2025-12288
CVE-2025-12288 affects Bdtask Pharmacy Management System up to version 9.4. The vulnerability targets an unknown function in the file /user/edit_user/ within the User Profile Handler. Manipulation of this function can bypass authorization, with remote exploitation described as possible and the ex...
EUVD-2020-15881
Malware in sbrugna...
CVE-2025-10408 SourceCodester Student Grading System edit_user.php sql injection
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit has been release...
Code-Projects Product Inventory System Injection Vulnerability
Code-Projects Product Inventory System is a Code-Projects open source product inventory system. An injection vulnerability exists in Code-Projects Product Inventory System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...
Splunk edit_user Capability Privilege Escalation Exploit
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles...
Splunk edit_user Capability Privilege Escalation
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: Splunk "edit_user" Capability Privilege Escalation. Description: A low-privileged user who holds a role that has the "edit_user" capability...
Faculty Evaluation System SQL Injection Vulnerability
Faculty Evaluation System is a faculty evaluation system by Carlo Montero Personal Developer. SourceCodester Faculty Evaluation System version 1.0 suffers from a SQL injection vulnerability that stems from a problem with the file index.php?page=edituser, which can be exploited by an attacker to...
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross-Site Request Forgery (CSRF) via the edituser function by targeting an admin user...
Cross site request forgery (csrf)
Chamilo LMS 1.11.10 is affected by Cross-Site Request Forgery (CSRF) via the edituser function by targeting an admin user...
Chamilo LMS Cross-Site Request Forgery Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...
CVE-2012-1979
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edituser configuration action...