30 matches found
CVE-2021-47934
MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...
PT-2026-41448
Name of the Vulnerable Software and Affected Versions: MyBB Timeline Plugin version 1.0. Description: Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...
CVE-2005-1784
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp...
EUVD-2018-18649
Malware in sbrugna...
EUVD-2018-18647
Malware in sbrugna...
EUVD-2009-2596
Malware in sbrugna...
EUVD-2009-4533
Malware in sbrugna...
EUVD-2007-5961
Malware in sbrugna...
EUVD-2011-0468
Malware in sbrugna...
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel SQL Injection Vulnerability
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel is a user registration and login system with an administrative panel from EGavilan Media. EGavilan Media User-Registration-and-Login-System-With-Admin-Panel version 1.0 contains a SQL injection vulnerability, which stems from...
CVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...
GHSA-J49X-JJMJ-9FQJ Magento XSS Vulnerability
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
Magento XSS Vulnerability
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
UBUNTU-CVE-2020-13231
In Cacti before 1.2.11, authprofile.php?action=edit allows CSRF for an admin email change...
CVE-2019-8227
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
Code injection
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
CVE-2018-18382
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...
CVE-2018-6904
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action...
CVE-2018-6902
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action...