EUVD-2026-31700

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirmloggedin of the file studenttrans.php. Such manipulation of the argument FIRSTNAME/LastName/EMAIL leads to sql injection. It is possibl...

EUVD-2026-27201

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

EUVD-2017-9137

Malware in sbrugna...

EUVD-2024-52724

Malicious code in bioql PyPI...

EUVD-2022-37889

Malicious code in bioql PyPI...

EUVD-2021-29824

Malicious code in bioql PyPI...

CVE-2024-54999

MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...

CVE-2024-54994

MonicaHQ v4.1.2 is affected by multiple client-side injection vulnerabilities in the Add a new relationship feature, exploitable via the first_name and last_name parameters. The CVE entry (CVE-2024-54994) lists a CVSS v3.1 base score of 6.5 (Medium) with network attack vector, low complexity, no ...

CVE-2023-30790

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and firstname and lastname parameter...

CVE-2022-34991

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities via the firstname and lastname parameters...

agisportal.lanl.gov Cross Site Scripting vulnerability OBB-2153634

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| agisportal.lanl.gov ---|--- Open Bug...

CVE-2021-40922

CVE-2021-40922 is a cross-site scripting (XSS) vulnerability affecting the open source defect-tracking system Bugs/Tinyissue in versions 1.8 and earlier, exploitable via the last_name parameter in install/index.php . The root cause is improper input handling in that endpoint, enabling remote atta...

CVE-2021-40922

Cross-site scripting XSS vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...

Monica 2.19.1 Cross Site Scripting

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...

Monica 2.19.1 - (last_name) Stored XSS Vulnerability

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...

Monica 2.19.1 - 'last_name' Stored XSS

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...

CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...

CVE-2017-17995

Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...

Server side request forgery (ssrf)

Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...

CVE-2017-17995

Biometric Shift Employee Management System is affected by a stored/reflected XSS via the Last_Name parameter in the index.php?user=ajax request. The issue, reported across multiple sources (NVD/CNVD/CVELIST, etc.), is caused by improper sanitization of user-supplied input leading to script inject...