CVE-2025-13048 Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality in contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
EUVD-2021-32740
Malicious code in bioql PyPI...
CVE-2021-46034
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
CVE-2022-36778
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers > worker nickname > inject in this input the code...
PT-2022-23618 · Synel · Eharmony
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to insert HTML or JavaScript code into a specific input field. To access the vulnerable input, an attacker would navigate t...
CVE-2022-34768
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers > worker nickname > inject in this input the code...
Cross site scripting
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-60477)
BaserCMS is an open source enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in versions of baserCMS prior to 4.4.1. An attacker can exploit this vulnerability by entering a specially crafted nickname in a blog comment to execute arbitrary JavaScript...
Stored Cross-site Scripting Vulnerability in yiifcms v1.5
yiifcms is a content management system (CMS) developed on the Yii framework. A stored cross-site scripting vulnerability exists in yiifcms v1.5, due to the system failing to strictly filter nickname and personality signature input. Attackers can use this vulnerability to obtain cookie information, ...