40 matches found
CVE-2026-33051
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user (e.g., Author) can set their fullName to an XSS payload via the profile editor, then crea...
EUVD-2018-10910
Malware in sbrugna...
CVE-2025-58174
LAM (LDAP Account Manager) up to v9.2 has a stored XSS in the Profile section via the profile name field. An authenticated user with profile edit rights can inject script that executes when the profile is viewed. The issue is fixed in v9.3; upgrade to 9.3 or later is the recommended remediation. ...
CVE-2025-58174 LAM profile editor stored cross-site scripting vulnerability
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script (for example, a script element). An...
Linux Distros Unpatched Vulnerability : CVE-2022-24851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile...
CVE-2020-9008
Stored cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor...
LDAP Account Manager Cross-Site Scripting Vulnerability
LDAP Account Manager is a Web front-end for managing entries stored in the LDAP directory (e.g., users, groups, DHCP settings). A cross-site scripting vulnerability exists in LDAP Account Manager (LAM), which stems from the fact that the Profile Editor tool has the ability to edit profiles and the...
DEBIAN-CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
UBUNTU-CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
CVE-2022-24851 Stored XSS and path traversal in LDAPAccountManager/lam
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
PT-2022-16926 · Unknown · Ldap Account Manager
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager (LAM) versions prior to 7.9.1. Description: The profile editor tool in LDAP Account Manager (LAM) has an edit profile functionality where parameters are not properly sanitized, leading to stored XSS attacks. An authenticated...
LDAP Account Manager Cross-Site Scripting Vulnerability
LDAP Account Manager is a Web front-end for managing entries stored in the LDAP directory (e.g., users, groups, DHCP settings). A cross-site scripting vulnerability exists in LDAP Account Manager (LAM), which stems from the fact that the Profile Editor tool has the ability to edit profiles and the...
Akkadian Provisioning Manager Security Vulnerability
Akkadian Provisioning Manager is a provisioning solution from Akkadian USA for new integrations for more robust provisioning automation. A security vulnerability in the SSH console of Akkadian Provisioning Manager 4.50.02 allows an attacker with low-level privileges to escape the Web profile edit...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor...