CVE-2024-58292

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

EUVD-2024-55339

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

CVE-2024-58292

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

CVE-2024-58292

CVE-2024-58292 affects XMB Forum 1.9.12.06. Red Hat and NVD entries describe a persistent cross-site scripting vulnerability exploitable by authenticated administrators who can inject JavaScript into templates and front-page settings (footer templates, news ticker). When pages render, the script ...

CVE-2024-58292 XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

PT-2025-50746

Name of the Vulnerable Software and Affected Versions XMB Forum version 1.9.12.06 Description The software contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in...

EUVD-2004-1598

Malware in sbrugna...

EUVD-2004-2225

Malware in sbrugna...

EUVD-2005-2144

Malware in sbrugna...

EUVD-2011-4234

Malware in sbrugna...

EUVD-2012-0828

Malware in sbrugna...

CVE-2025-8948 projectworlds Visitor Management System front.php sql injection

A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...

CVE-2024-38524 GWC Home Page communicate version and revision information

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPageHttpServletRequest, HttpServletResponse has no check to hide potentially sensitive information from users except for a hidden system property to hide the...

CVE-2005-2143

Microsoft Front Page allows attackers to cause a denial of service crash via a crafted style tag in a web page...

DRUPAL-CORE-2025-002

Bulk operations allow authorized users to modify several nodes at once from the Content page /admin/content. A site builder can also add bulk operations to other pages using Views. A bug in the core Actions system allows some users to modify some fields using bulk actions that they do not have...

XMB 1.9.12.06 - Stored XSS

Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

CVE-2021-24425

The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...

CVE-2021-24425

The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...

SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Front lo***.php Page

Shield Spirit commodity promotion system can be applied to multiple types of public number, personal or business subscription number and service number can be used, easy to docking all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...