53 matches found
PT-2026-25381
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses `$_SERVER['HTTP_HOST']` without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification...
CVE-2025-63645
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...
EUVD-2025-150400
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...
CVE-2025-63645
CVE-2025-63645 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, affecting the messaging system where unsanitized message content is persisted and later rendered in Inbox view without proper encoding, allowing attacker-controlled content to execute in a recipient’s browser. Public docs...
PT-2025-46721
Name of the Vulnerable Software and Affected Versions: pH7Software pH7-Social-Dating-CMS version 17.9.1. Description: A stored cross-site scripting (XSS) issue exists in the application's message system. Unsanitized message content submitted by a user is stored by the server and displayed to other use...
EUVD-2002-0214
Malware in sbrugna...
EUVD-2022-39960
Malicious code in bioql PyPI...
Fedora: Security Advisory for dbus (FEDORA-2022-7a963a79d1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Message System 1.0 Cross Site Scripting
Title: Message System 1.0 1.0 XSS Stored Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...
Message System 1.0 Local File Inclusion Vulnerability
Title: Message System 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07ksa Tested on:...
CVE-2020-35430
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...
Fedora: Security Advisory for dbus (FEDORA-2020-5a1910208c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial Of Service (DoS)
dbus is vulnerable to denial of service (DoS). A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with a malformed signature to the bus causing the bus and, consequently, any process using...
SQL Injection Vulnerability in jianbook a***x.asp Page
jianbook is an ultra-clean online message system developed with ASP + Access, with the front end and back end in one. A SQL injection vulnerability exists in the jianbook ax.asp page, which attackers can exploit to obtain sensitive information from the database...
SQL Injection Vulnerability in jianbook s****w.asp Page
jianbook is an ultra-clean online message system developed with ASP + Access, with the front end and back end in one. The jianbook sw.asp page has a SQL injection vulnerability, which attackers can exploit to obtain sensitive information from the database...
jianbook has a logic flaw vulnerability
jianbook is an ultra-clean online message system developed with ASP + Access, with the front end and back end in one. jianbook has a logic flaw vulnerability that attackers can exploit to bypass authentication and obtain administrator privileges...
Unauthorized access vulnerability in jianbook
jianbook is an ultra-clean online message system developed with ASP + Access, with the front end and back end in one. jianbook has an unauthorized access vulnerability that attackers can exploit to gain unauthorized access to sensitive information...
Rockstar Games: The return of the <
In this report, the researcher was able to demonstrate a Stored XSS vulnerability in our Message system on the Social Club website. By taking advantage of the fact that '<' characters are normalized to...