17 matches found
CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting
A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. ...
CVE-2025-3393
CVE-2025-3393 affects mrcen springboot-ucan-admin (up to commit 5f35162032cbe9288a04e429ef35301545143509) and targets the Personal Settings Interface index. The vulnerability enables cross-site scripting through manipulation of an unknown part of that interface, with remote initiation. The descri...
CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting
A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. ...
SpringBoot-Ucan-Admin Security Vulnerability
SpringBoot-Ucan-Admin is an RBAC3-based permission management system developed by the individual developer mrcen. A security vulnerability exists in SpringBoot-Ucan-Admin that stems from improper handling of parameters in the Personal Settings interface, which could lead to cross-site scripting attacks...
PT-2025-15313 · Unknown · Mrcen Springboot-Ucan-Admin
Name of the Vulnerable Software and Affected Versions: mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509 Description: A vulnerability was found in the Personal Settings Interface component of mrcen springboot-ucan-admin, affecting an unknown part of the file...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description CSRF in switching between enable and disable of the following: - Dark/bright - Auto uppercase sentences - Do not scroll to the bottom on chat open - Auto preload previous visitor chat messages - Load previous message on scroll - New messages - New chats - Online - Based on activity -...
Cross site scripting
Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...
CVE-2018-16220
CVE-2018-16220 affects AudioCodes 405HD VoIP phone with firmware 2.2.12. Affected component: the device’s web interface. Root cause: Cross Site Scripting in input fields (domain field and personal settings) that lets an attacker inject JavaScript by manipulating phone book entries or the domain n...
CVE-2017-16770
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter...
UPM Doesn't Migrate Local User Profiles Since Version 5.4.1
In UPM 5.4.1 and later versions, UPM doesn't migrate local user profiles to the UPM store. As a result, users who are using a local profile are unable to retain their personal settings through UPM...
Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities
No description provided by source. Advisory: Serendipity 1.7.5 Backend - Multiple security vulnerabilities Advisory ID: SSCHADV2014-003 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.7.5 Vendor URL: http://www.s9y.org/ Vendor Status: fixed =========================...
GetSimple CMS 3.3.1 - Persistent Cross Site Scripting
No description provided by source. Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1 Tested on: N/A CVE :...
GetSimple CMS 3.3.1 - Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1 Tested on: N/A CVE : N/A Description: In the...
Omnidocs Privilege Escalation / Direct Object Access
Exploit Title: Multiple Vulnerability in "Omnidocs" Author: Sohil Garg CVE : CVE-2011-3645 Product Description: OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessl...
CVE-2008-0124
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or...