40 matches found
EUVD-2018-21863
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...
CVE-2025-13245
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be...
CVE-2025-13243
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
EUVD-2025-197725
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
CVE-2025-13245 code-projects Student Information System editprofile.php cross site scripting
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be...
CVE-2025-13243 code-projects Student Information System editprofile.php sql injection
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
Code-Projects Student Information System code injection vulnerability
Student Information System is a student information system. A cross-site scripting vulnerability exists in the Student Information System, which originates from an unspecified function in the /editprofile.php file that improperly handles user input. An attacker can exploit this vulnerability by...
CVE-2025-6351
A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-36192 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-18462 · Unknown · Sourcecodester Online Job Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Job Portal version 1.0 Description: A vulnerability was found in the SourceCodester Online Job Portal, affecting some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the Address argument...
CVE-2023-6419
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
Voovi SQL Injection Vulnerability
Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 has a SQL injection vulnerability, which stems from editprofile.php...
PT-2023-32641 · Unknown · Voovi Social Networking Script
Name of the Vulnerable Software and Affected Versions: Voovi Social Networking Script version 1.0 Description: A SQL injection vulnerability has been reported, affecting the editprofile.php endpoint in multiple parameters, such as username and password. This could allow a remote attacker to send...
PT-2023-32650 · Unknown · Voovi Social Networking Script
Name of the Vulnerable Software and Affected Versions: Voovi Social Networking Script version 1.0 Description: A vulnerability has been reported that allows XSS via editprofile.php in multiple parameters. The exploitation of this issue could allow a remote attacker to send a specially crafted...
Voovi Cross-Site Scripting Vulnerability
Voovi is an open source social networking script from Sourceforge. A cross-site scripting vulnerability exists in Voovi version 1.0, which stems from a cross-site scripting vulnerability in editprofile.php...
ImpressCMS Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
ImpressCMS cross-site scripting vulnerability
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
CVE-2022-46407
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to...