22 matches found

RedhatCVE
added 2026/04/09 7:23 p.m., 1 view

CVE-2026-39328

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9 CVSS, 5.9 AI score, 0.00047 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/07 5:32 p.m., 17 views

CVE-2026-39328 ChurchCRM has Stored XSS in Social Profile Fields

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9 CVSS, 0.00047 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-9364

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.00578 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/02/05 4:57 p.m., 6 views

CVE-2019-17140

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS, 6.8 AI score, 0.0062 EPSS
Exploits: 0, References: 1
Prion
added 2022/01/04 9:15 p.m., 8 views

Cross site scripting

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

3.5 CVSS, 5.3 AI score, 0.00469 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/01/04 8:40 p.m., 10 views

CVE-2022-21649 Stored XSS via attribute in convos

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

7.6 CVSS, 5.3 AI score, 0.00469 EPSS
Exploits: 1, References: 6
Huntr
added 2021/12/31 7:54 p.m., 12 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description When editing your profile, you can create social media links. However, the stored XSS vulnerability using the autofocus and onfocus attributes occurs because the double-quote is not URL-encoded in the input value of the social media link. Proof of Concept txt 1. Open the...

0.6 AI score
Exploits: 0
NVD
added 2019/10/25 7:15 p.m., 17 views

CVE-2019-17140

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS, 8.1 AI score, 0.0062 EPSS
Exploits: 0, References: 2
Prion
added 2019/10/25 7:15 p.m., 12 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 8.8 AI score, 0.0062 EPSS
Exploits: 0, References: 2, Affected Software: 1
Zero Day Initiative
added 2019/10/22 12:0 a.m., 26 views

Foxit PhantomPDF Signature Field OnFocus Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of t...

7.8 CVSS, 2.1 AI score, 0.0062 EPSS
Exploits: 0, References: 1
CNVD
added 2018/10/30 12:0 a.m., 1 view

Foxit Reader for Windows Memory Misreference Vulnerability (CNVD-2018-22397)

Foxit Reader for Windows is a PDF document reader for the Windows platform from China's Foxit Software Corporation. A memory misreference vulnerability exists in the handling of the onFocus event in Foxit Reader 9.2.0.9297 and earlier versions for Windows platforms, where the program fails to...

8.8 CVSS, 8.8 AI score, 0.00578 EPSS
Exploits: 0, References: 1
CVE
added 2018/10/29 10:0 p.m., 43 views

CVE-2018-17617

CVE-2018-17617 affects Foxit Reader for Windows (including versions around 9.0.x and 9.2.x) via onFocus handling. The flaw is a memory/object existence check issue on focus events, enabling remote code execution when a user opens a malicious file or page. Connected sources corroborate the onFocus...

8.8 CVSS, 7.8 AI score, 0.00578 EPSS
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2018/10/29 9:29 p.m., 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 8.8 AI score, 0.00578 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2018/10/29 9:29 p.m., 1 view

CVE-2018-17617

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS, 6.2 AI score, 0.00578 EPSS
Exploits: 0, References: 2
Zero Day Initiative
added 2018/09/28 12:0 a.m., 27 views

Foxit Reader CheckBox onFocus Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8 CVSS, 1.7 AI score, 0.00578 EPSS
Exploits: 0, References: 1
Openbugbounty
added 2018/08/22 7:20 a.m., 8 views

diziler.com XSS vulnerability

Open Bug Bounty ID: OBB-667784

Description | Value
---|---
Affected Website: | diziler.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Openbugbounty
added 2018/06/09 12:8 p.m., 11 views

thenational.ae XSS vulnerability

Open Bug Bounty ID: OBB-629538

Description | Value
---|---
Affected Website: | thenational.ae
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
0day.today
added 2018/05/30 12:0 a.m., 53 views

Dolibarr 7.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

0.1 AI score, 0.73712 EPSS
Exploits: 10
Openbugbounty
added 2017/05/04 10:27 a.m., 16 views

kat.how XSS vulnerability

Vulnerable URL: https://kat.how/search.php?q='"+autofocus+onfocus=alert'OPENBUGBOUNTY'value=OPENBUGBOUNTY"' /Style=position:fixed;top:0;left:0;font-size:999px; /Onmouseenter=confirmOPENBUGBOUNTY // Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status...

6.3 AI score
Exploits: 0
Openbugbounty
added 2016/11/03 12:49 p.m., 8 views

pisni.org.ua XSS vulnerability

Vulnerable URL: http://www.pisni.org.ua/search.php?phrase=" autofocus onfocus="alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 107261 VIP website status:| No Check...

6.3 AI score
Exploits: 0