19 matches found

RedhatCVE
added 2026/04/20 7:22 p.m. · 1 views

CVE-2026-40286

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored ...

7.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 1
NVD
added 2026/04/17 9:16 p.m. · 2 views

CVE-2026-40286

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored ...

7.5 CVSS · 0.00209 EPSS
Exploits 0 · References 1
EUVD
added 2026/04/17 8:27 p.m. · 2 views

EUVD-2026-23531

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored ...

7.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/04/17 8:27 p.m. · 0 views

CVE-2026-40286

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored ...

7.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/04/17 8:27 p.m. · 3 views

CVE-2026-40286 WeGIA has Cross-Site Scripting in Controle de Contribuição

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored ...

7.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 1
Github Security Blog
added 2024/05/27 6:58 p.m. · 6 views

silverstripe/framework's `Member.Name` is not escaped

The core template framework/templates/Includes/GridFieldprint.ss uses "Printed by $Member.Name". If the currently logged in member's first name or surname contain XSS, this prints the raw HTML out, because Member-getName just returns the raw FirstName + Surname as a string, which is injected...

6.9 AI score
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2024/05/27 12:0 a.m. · 3 views

PT-2024-40454 · Silverstripe · Silverstripe Cms

Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: The issue arises from the core template framework/templates/Includes/GridField print.ss using "Printed by $Member.Name". If the currently logged-in member's first name or surname...

5.4 CVSS · 6 AI score
Exploits 0 · References 8
CNNVD
added 2023/08/30 12:0 a.m. · 3 views

Badaso cross-site scripting vulnerability

Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A cross-site scripting vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the Name of membe...

5.4 CVSS · 6 AI score · 0.00604 EPSS
Exploits 1 · References 3
CNNVD
added 2023/06/23 12:0 a.m. · 2 views

POS Codekop cross-site scripting vulnerability

POS Codekop is an application. A security vulnerability exists in POS Codekop version 2.0, which stems from the parameter nmmember containing a Reflected Cross-Site Scripting (XSS) vulnerability...

6.1 CVSS · 6.2 AI score · 0.03359 EPSS
Exploits 4 · References 6
OSV
added 2023/04/08 8:15 a.m. · 3 views

CVE-2023-1948

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads t...

6.1 CVSS · 3.9 AI score · 0.00557 EPSS
Exploits 1 · References 3
Prion
added 2023/04/08 8:15 a.m. · 22 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads t...

4 CVSS · 6 AI score · 0.00557 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/04/08 12:0 a.m. · 5 views

BP Monitoring Management System cross-site scripting vulnerability

BP Monitoring Management System is a web-based application by the individual developer of phpgurukul. A cross-site scripting vulnerability exists in version 1.0 of the PHPGurukul BP Monitoring Management System, which stems from an issue with the file add-family-member.php, where manipulation of...

6.1 CVSS · 4.1 AI score · 0.00557 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/04/08 12:0 a.m. · 4 views

PT-2023-17361 · Unknown · Phpgurukul Bp Monitoring Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul BP Monitoring Management System version 1.0 Description: A problematic issue has been found in the Add New Family Member Handler component, specifically in the file add-family-member.php. The manipulation of the Member Name argumen...

6.1 CVSS · 6.2 AI score · 0.00557 EPSS
Exploits 1 · References 6
Tenable Nessus
added 2020/05/15 12:0 a.m. · 51 views

Debian DLA-2210-1 : apt security update

When normalizing ar member names by removing trailing whitespace and slashes, an out-of-bounds read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. For Debian 8...

5.5 CVSS · 6.2 AI score · 0.01305 EPSS
Exploits 1 · References 3
Oracle linux
added 2020/04/06 12:0 a.m. · 30 views

mailman security and bug fix update

3:2.1.15-30 - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 3:2.1.15-29 - Resolves: 1611689 - Trim long text in 'no such list' messages 3:2.1.15-28 - Resolves: 1718180 - Try to decode member name first 3:2.1.15-27 - Related : 1545973 - Bump release to override rhel-7.4.z versi...

6.5 CVSS · 2 AI score · 0.02541 EPSS
Exploits 0
Tenable Nessus
added 2011/03/22 12:0 a.m. · 22 views

Fedora 14 : mailman-2.1.13-7.fc14 (2011-2102)

fixed CVE-2011-0707: three XSS flaws due to improper escaping of the full name of the member Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

4.3 CVSS · 7.7 AI score · 0.04248 EPSS
Exploits 0 · References 3
securityvulns
added 2010/10/24 12:0 a.m. · 71 views

Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities

Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple Cross-Site Scripting Vulnerability. SecPod Technologies www.secpod.com Author Veerendra G.G SecPod ID: 1005 09/07/2010 Issue Discovered 09/10/2010 Vendor Notified 09/13/2010 Vendor Confirmed 09/14/2010 Fix Available Class: Cross-Si...

Exploits 0
Exploit DB
added 2007/05/09 12:0 a.m. · 36 views

Sienzo Digital Music Mentor 2.6.0.4 - SetEvalExpiryDate Overwrite (SEH)

shellcode=unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" shellcode=shellcode+unescape"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41"...

7.4 AI score
Exploits 0
ATTACKERKB
added 2007/03/02 9:18 p.m. · 0 views

CVE-2007-1186

WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact...

5 CVSS · 5.4 AI score · 0.01076 EPSS
Exploits 0 · References 6