Lucene search
K

217 matches found

NVD
NVD
added 2026/07/06 8:16 a.m.7 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 6:0 a.m.5 views

EUVD-2026-41819

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 11:2 p.m.7 views

GHSA-39G2-8X68-PMX8 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Summary PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the contex...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.14 views

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 12:56 p.m.19 views

CVE-2026-54219 Stored XSS in UBB.threads

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.6 views

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS5.3AI score0.00293EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 12:56 p.m.24 views

CVE-2026-54219

UBB.threads is vulnerable to a Stored XSS flaw via user posts and profile fields due to insufficient input sanitization. In the confirmed case, version 7.7.5 is affected, and low-privilege attackers can inject JavaScript that executes in a victim’s browser when viewing content. Other versions may...

5.1CVSS5.3AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 12:56 p.m.10 views

EUVD-2026-37882

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS5.3AI score0.00293EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

2.7CVSS5.5AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 12:11 p.m.12 views

EUVD-2018-21850

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25330

Joomla! EkRishta 2.10 is affected by persistent XSS and SQL injection as described in CVE-2018-25330. The vulnerabilities enable attackers to inject script payloads into profile information (e.g., Address) and SQL payloads via the phone_no parameter to user_setting, allowing script execution when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.6 views

CVE-2018-25330

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Joomla! extension EkRishta SQL注入漏洞

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.17 views

PT-2026-41556

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References5
NVD
NVD
added 2026/05/16 4:16 p.m.36 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/05/16 3:26 p.m.17 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

6.9CVSS5.7AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.42 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/16 3:26 p.m.14 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS5.7AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.9 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS5.7AI score0.00232EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder