13 matches found

NVD
added 2026/05/07 4:16 a.m. | 3 views

CVE-2026-41661

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVSS 6.1 | EPSS 0.0006
Exploits: 0 | References: 2
EUVD
added 2026/05/07 2:59 a.m. | 4 views

EUVD-2026-28274

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVSS 6.1 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/07 2:59 a.m. | 2 views

CVE-2026-41661

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVSS 6.1 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/07 2:59 a.m. | 5 views

CVE-2026-41661

CVE-2026-41661 describes a reflected XSS in Admidio prior to 5.0.9. The attack uses the endpoint system/msg_window.php; input in message_var1 is passed through htmlspecialchars(), which leaves square brackets intact. Language::prepareTextPlaceholders() then converts [ and ] to , allowing the inje...

CVSS 6.1 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2
Cvelist
added 2026/05/07 2:59 a.m. | 28 views

CVE-2026-41661 Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVSS 6.1 | EPSS 0.0006
Exploits: 0 | References: 2
CNNVD
added 2026/05/07 12:0 a.m. | 5 views

Admidio Cross-Site Scripting Vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site scripting vulnerability. This vulnerability...

CVSS 6.1 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-37145

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An unauthenticated attacker can execute arbitrary JavaScript in a user's browser via reflected Cross-Site Scripting (XSS). The issue occurs in the 'system/msg_window.php' endpoint, which accepts messag...

CVSS 6.1 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 5
NVD
added 2026/04/04 12:16 a.m. | 3 views

CVE-2026-34770

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVSS 8.8 | EPSS 0.00014
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2008-0145

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.04544
Exploits: 0 | References: 6
Cvelist
added 2019/04/01 4:52 p.m. | 9 views

CVE-2019-9132

Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower...

AI score 8.9 | EPSS 0.01069
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

CenterIM <= 4.22.3 - Remote Command Execution Vulnerability

No description provided by source. Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2...

AI score 7.1
Exploits: 0
Positive Technologies
added 2008/03/24 12:0 a.m. | 1 views

PT-2008-3034 · Centerim · Centerim

Name of the Vulnerable Software and Affected Versions: CenterIM versions 4.22.3 and earlier Description: The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to received URLs in the message window. This issue has been disputed du...

CVSS 6.8 | AI score 8 | EPSS 0.04
Exploits: 1 | References: 11
securityvulns
added 2004/07/13 12:0 a.m. | 49 views

MSOE Javascript Execution Vulnerability

Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net Outlook Express Window Opener Script Execution Vulnerability Tested Microsoft Outlook Express version 6.0.2800.1123. Microsoft Windows XP sp2 Discussion Microsoft Outlook Express is prone to a vulnerabili...

AI score 7.5
Exploits: 0