10269 matches found
PT-2026-2474
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
MiracleLinux 8 : thunderbird-128.7.0-1.el8_10.ML.1 (AXSA:2025-9663:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9663:03 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox:...
PT-2026-2413
Name of the Vulnerable Software and Affected Versions Ametys CMS version 4.4.1 Description Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions...
CVE-2023-29839
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...
CVE-2023-40851
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page...
CVE-2018-12304
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...
CVE-2018-14877
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...
CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."...
CVE-2021-0966
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
CVE-2022-23321
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...
CVE-2022-37247
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page...
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...
CVE-2017-18601
The examapp plugin 1.0 for WordPress has XSS via exam input text fields...
CVE-2017-18610
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-group-id parameter...
CVE-2017-18609
The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter...
CVE-2019-18347
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...
CVE-2019-2104
In HIDL, safeunion, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2019-20429
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpcsvcunwraprequest and lustremsghdrsizev2...
CVE-2020-7934
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...