26 matches found
CVE-2026-23963
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...
PT-2025-49360
Name of the Vulnerable Software and Affected Versions: Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 Description: A stack-based buffer overflow exists in the AP get wireless clientlist setClientsName function within the mod form.so file...
EUVD-2015-2865
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by an admin user who injects a malicious script into the "List name" field of a new campaign at the /admin/modules/newsletter/lists endpoint. The...
Exploit for Cross-site Scripting in Microweber
CVE-2024-33297 Stored Cross Site Scripting vulnerability in Mi...
CVE-2024-10287
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...
CVE-2017-20186
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The...
CVE-2017-20186 nikooo777 ckSurf Spectator List Name misc.sp SpecListMenuDead denial of service
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The...
CVE-2017-20186
CVE-2017-20186 affects nikooo777 ckSurf (CSGO timer) up to v1.19.2. The Denial of Service arises from improper handling of the cleanName argument in SpecListMenuDead (csgo/addons/sourcemod/scripting/ckSurf/misc.sp, Spectator List Name Handler). The fix is upgrading to v1.21.0 (patch fd6318d99083a...
PT-2023-10015 · Unknown · Mail Subscribe List Plugin
Name of the Vulnerable Software and Affected Versions: Mail Subscribe List Plugin versions up to 2.0.10 Description: The issue affects some unknown processing of the file index.php. The manipulation of the argument sml name/sml email leads to cross site scripting. The attack may be initiated...
SUSE CVE-2015-2775
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name...
Cross site scripting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
CVE-2017-20034 PHPList List Name Persistent cross site scripting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
CVE-2020-14024
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORMGROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, o...
CVE-2015-4639
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name...
Heap overflow
Heap-based buffer overflow in the QualifierList retrievequalifierlist function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190...