27 matches found
CVE-2026-40286
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
CVE-2026-40286
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
CVE-2026-40286
Summary: CVE-2026-40286 affects WeGIA, a web manager for charitable institutions. In versions before 3.6.10, a Stored XSS vulnerability exists in the Subject/Member Registration workflow. An attacker can inject a payload into the Member Name field, which is persistently stored in the database and...
CVE-2026-40286 WeGIA has Cross-Site Scripting in Controle de Contribuição
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
CVE-2026-40286
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
CVE-2026-40286 WeGIA has Cross-Site Scripting in Controle de Contribuição
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
EUVD-2026-23531
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
PT-2026-33514
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
EUVD-2006-0003
Malware in sbrugna...
EUVD-2021-7858
Malicious code in bioql PyPI...
WordPress WP eMember plugin < 10.6.7 - Unauthenticated Stored XSS via Member Registration vulnerability
Unauthenticated Stored XSS via Member Registration vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...
CVE-2024-5079 WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2023-52274
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header...
CVE-2023-52274
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header...
Information disclosure
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...
CVE-2018-20012
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI...
CVE-2018-20012
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI...
Injection Vulnerability in Guomicro CMS Government Website System v20180121 Member Registration
State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. State Micro CMS government website system v20180121 injection vulnerability exists in the member registration , attackers can use the...
Code injection
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...