WordPress Custom New User Notification plugin <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom New User Notification versions = 1.2.0...

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

CVE-2026-5041

CVE-2026-5041 affects code-projects Chamber of Commerce Membership Management System 1.0. The vulnerability is in the fwrite usage of admin/pageMail.php, where manipulating the arguments mailSubject/mailMessage enables command injection. The attack could be remote and publicly available exploit c...

Nextcloud: Mail stored HTML injection in subject text

A vulnerability was discovered in the mail stored HTML injection in subject text. The vulnerability allowed for arbitrary HTML code to be injected into the subject line of emails stored in the system...

CVE-2020-29470

OpenCart 3.0.3.6 is affected by cross-site scripting XSS in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal...

OpenCart 3.0.3.6 - (subject) Stored Cross-Site Scripting Vulnerability

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Exploit Author: Mert Daş Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.7 Tested on: Windows 10 Stored Cross-site scriptingXSS: Stored XSS, also...

CVE-2020-29470

OpenCart 3.0.3.6 is affected by cross-site scripting XSS in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal...

Websense Email Security - Cross-Site Scripting

Websense Email Security - Cross-Site Scripting Security Advisory NSOADV-2009-003 Title: Websense Email Security Cross Site Scripting Severity: Low Advisory ID: NSOADV-2009-003 Found Date: 28.09.2009 Date Reported: 01.10.2009 Release Date: 20.10.2009 Author: Nikolas Sotiriu Mail: nso-research at...