CVE-2026-23752

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

EUVD-2026-33377

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

PT-2026-44949

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13162 Description An information disclosure issue exists on the Users and Groups pages. Recommendations Update to version 2026.1.13162...

PT-2026-33820

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2025-34278

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...

EUVD-2025-37215

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...

CVE-2025-34278

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...

CVE-2025-34278

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...

Nagios Network Analyzer 安全漏洞

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in versions prior to Nagios Network Analyzer 2024R1, which stems from a Source Groups page stored cross-site scripting vulnerability that could lead to...

Moodle 4.0.x < 4.0.9 XSS Risk on groups page

According to its self-reported version, the Moodle install hosted on the remote host is 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.4 or 4.2.x prior to 4.2.1. It is, therefore, affected by a Cross-Site Scripting in content on the groups page. Note that the scanner has not...

Moodle 3.11.x < 3.11.15 XSS Risk on groups page

According to its self-reported version, the Moodle install hosted on the remote host is 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.4 or 4.2.x prior to 4.2.1. It is, therefore, affected by a Cross-Site Scripting in content on the groups page. Note that the scanner has not...

Moodle 4.2.x < 4.2.1 XSS Risk on groups page

According to its self-reported version, the Moodle install hosted on the remote host is 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.4 or 4.2.x prior to 4.2.1. It is, therefore, affected by a Cross-Site Scripting in content on the groups page. Note that the scanner has not...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to lack of sanitization in the groups page which allows an attacker to inject and execute arbitrary javascript...

Moodle vulnerable to Cross-site Scripting

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...

CVE-2023-35131

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...

UBUNTU-CVE-2023-35131

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...