CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVE-2020-10372

Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI...

CVE-2025-65622

Summary of CVE-2025-65622 (Snipe-IT): Snipe-IT versions prior to 8.3.4 are affected by a stored XSS flaw in the Locations “Country” field. An authenticated, low-privilege user can inject JavaScript that executes in another user’s session. Connected advisories corroborate the issue and identify th...

EUVD-2017-7363

Malware in sbrugna...

EUVD-2020-2827

Malware in sbrugna...

CVE-2023-24081

Multiple stored cross-site scripting XSS vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...

CVE-2017-15947

Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp...

CVE-2023-27890

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...

CVE-2023-24081

Multiple stored cross-site scripting XSS vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...

PT-2023-19393 · Redrock · Tutortrac

Name of the Vulnerable Software and Affected Versions: Redrock Software TutorTrac versions prior to 4.2.170210 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. This is a...

SUSE CVE-2013-1840

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

CVE-2020-10372

Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI...

Cross site scripting

Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI...