33 matches found
CVE-2026-21730
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
EUVD-2026-30284
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
CVE-2026-21730 Stored XSS in Verba
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
CVE-2026-21730
CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...
Verint Verba Cross-Site Scripting Vulnerability
Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...
PT-2026-40928
Name of the Vulnerable Software and Affected Versions: Verba versions prior to 10.0.6 Description: A Stored Cross-Site Scripting (XSS) issue exists in the login logging mechanism. An unauthenticated remote attacker can inject a malicious payload into the username field during a failed login attempt...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...
EUVD-2024-51656
Malicious code in bioql PyPI...
CVE-2024-42349
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server fogloginaccepted.log and fogloginfailed.log...
CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...
PT-2025-2209 · WordPress · The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login Url – Sign In
Name of the Vulnerable Software and Affected Versions: The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in, Sign out plugin for WordPress versions up to, and including, 7.1.1 Description: The issue is related to...
CVE-2024-42349 FOG has a Log Information Disclosure
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server fogloginaccepted.log and fogloginfailed.log...
PT-2024-29886 · Unknown · Fog Server
Name of the Vulnerable Software and Affected Versions: FOG Server versions 1.5.10.41.4 and earlier Description: The issue concerns the exposure of sensitive information via logs stored on the web server. Specifically, FOG Server creates two logs, fog login accepted.log and fog login failed.log, o...
CVE-2023-52068
kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs...
Cross site scripting
kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs...