CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

EUVD-2023-60214

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

CVE-2023-53916

CVE-2023-53916 affects Zenphoto 1.6 with a stored cross‑site scripting vulnerability in the user postal code field exposed via the admin-users.php interface. When admin user data imported as HTML is viewed, malicious JavaScript injected into the postal code field can execute in the administrator’...

PT-2025-51954

Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6 Description The software contains a stored cross-site scripting issue in the user postal code field. This field is accessible through the 'admin-users.php' interface. When administrators view user information that includes...

Mango discloses data breach at third-party provider

Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention

Postal codes now play a key role in cybersecurity, fraud prevention, and digital identity verification, raising new concerns…...

Admidio 4.2.5 CSV Injection

Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Detail...

Microweber 输入验证错误漏洞

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

CVE-2018-19340

Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...

Horde Groupware SQL Injection Vulnerability

Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A SQL injection vulnerability exists in Horde Groupware 5.2.22 and earlier versions. A remote...

postalcode.globefeed.com XSS vulnerability

Open Bug Bounty ID: OBB-436176 Description| Value ---|--- Affected Website:| postalcode.globefeed.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Preventio...

SA-CONTRIB-2014-123 - Postal Code - Cross Site Scripting (XSS)

The Postal Code module enables you to implement postal code validation for several countries. The module doesn't sufficiently sanitize certain data in the admin thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...