25 matches found
EUVD-2026-27438
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...
CVE-2026-32699
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...
EUVD-2005-3235
Malware in sbrugna...
EUVD-2022-1658
Malicious code in bioql PyPI...
CVE-2025-51403
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Alias Nick parameter...
CVE-2025-51403
Vulnerability: CVE-2025-51403 affects Live Helper Chat (v4.60/v4.61 era) in the department assignment editing module. The issue is a stored XSS via the Alias Nick field, caused by insufficient validation/escaping of user input. Impact: stored XSS could allow a logged-in user with low privileges...
CVE-2020-28847
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment...
GHSA-6XVQ-2GJ8-4276 Cross site scripting in valine
valine is a fast, simple & powerful comment system. Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. A fix was released in version 1.4.15...
Valine cross-site scripting vulnerability
Valine is a commenting system. A cross-site scripting vulnerability exists in Valine version 1.4.14; it stems from input sent to /classes/Comment via the nick parameter...
CVE-2018-19927
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zFormsavechanges sipnick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases...
Cross site scripting
Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter...
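IRCDelphi NICK parameter remote denial-of-service vulnerability
BUGTRAQ ID: 41336 IrcDelphi is an IRC server program written in Delphi/Kylix. A remote attacker can cause a denial of service by sending the IrcDelphi server a malicious message containing a specially crafted NICK variable. Christiano Becker IRCDelphi core-alpha1 Christiano Becker IRCDelphi 0.0.0.4a Christiano Becker IRCDelphi 0.0.0.0a3 Vendor patch: Christiano Becker -----------------...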
Sql injection
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters...
CVE-2007-5948
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters...
CVE-2006-4328
SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...