19 matches found

EUVD
added 2026/04/12 3:30 p.m. | 1 views

EUVD-2018-21768

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 3

Cvelist
added 2026/04/12 12:28 p.m. | 24 views

CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1 | EPSS 0.00033
Exploits 0 | References 2

CVE
added 2026/04/12 12:28 p.m. | 5 views

CVE-2018-25257

CVE-2018-25257 – Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability. An authenticated user can inject SQL code via the name field in SystemProfileForm's profile edit endpoint to manipulate queries, potentially modifying user credentials and gaining administrative access. Af...

CVSS 7.1 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 2

Vulnrichment
added 2026/04/12 12:28 p.m. | 1 views

CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 2

ATTACKERKB
added 2026/04/12 12:28 p.m. | 2 views

CVE-2018-25257

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25075

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.5 | EPSS 0.00058
Exploits 0 | References 2

NVD
added 2025/08/16 7:15 a.m. | 2 views

CVE-2025-8896

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprcommunicationpreferences' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and...

CVSS 6.4 | EPSS 0.00058
Exploits 0 | References 2

OSV
added 2024/04/29 1:15 p.m. | 0 views

CVE-2024-4310

Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover...

CVSS 5.4 | AI score 5.8 | EPSS 0.00082
Exploits 0 | References 1

Cvelist
added 2024/04/29 12:35 p.m. | 9 views

CVE-2024-4310 Cross-site Scripting (XSS) vulnerability in HubBank

Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover...

CVSS 6.3 | AI score 6 | EPSS 0.00082
Exploits 0 | References 1

Cvelist
added 2023/03/16 8:49 a.m. | 15 views

CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions...

CVSS 4.7 | AI score 5.5 | EPSS 0.00181
Exploits 0 | References 1

CVE
added 2023/03/16 8:49 a.m. | 48 views

CVE-2022-38971

CVE-2022-38971 is a stored XSS vulnerability affecting the WordPress BuddyForms/ThemeKraft Post Form family (Registration, Profile, and Content Forms) for version

CVSS 5.4 | AI score 4.8 | EPSS 0.00181
Exploits 0 | References 1 | Affected Software 1

SUSE CVE
added 2023/02/15 4:59 a.m. | 1 views

SUSE CVE-2016-6211

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form...

CVSS 8.8 | AI score 7.5 | EPSS 0.01128
Exploits 0 | References 3

OSV
added 2022/05/17 3:39 a.m. | 12 views

GHSA-FRQF-9QR4-6VXF Drupal Saving user accounts can sometimes grant the user all roles

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form...

CVSS 8.8 | AI score 8.4 | EPSS 0.01128
Exploits 0 | References 9

NVD
added 2021/11/03 5:15 p.m. | 9 views

CVE-2020-23126

Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends...

CVSS 6.1 | EPSS 0.00371
Exploits 0 | References 1

NVD
added 2020/10/28 8:15 p.m. | 9 views

CVE-2020-24708

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...

CVSS 5.4 | AI score 5.3 | EPSS 0.00281
Exploits 1 | References 2

Prion
added 2020/10/28 8:15 p.m. | 12 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...

CVSS 3.5 | AI score 5.3 | EPSS 0.00281
Exploits 1 | References 2 | Affected Software 1

OSV
added 2016/09/09 2:5 p.m. | 0 views

UBUNTU-CVE-2016-6211

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form...

CVSS 8.8 | AI score 7.3 | EPSS 0.01128
Exploits 0 | References 4

Debian CVE
added 2016/09/09 2:0 p.m. | 19 views

CVE-2016-6211

Removed by vendor...

CVSS 8.8 | AI score 8.7 | EPSS 0.01128
Exploits 0

securityvulns
added 2012/11/02 12:0 a.m. | 119 views

XSS in dokeos 2.1.1

Exploit Title : Dokeos 2.1.1 Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/17/12 version: 2.1.1 software link:www.dokeos.com Dokeos description Dokeos is an open source e-learning platform programmed in PHP, Javascript and HTML which...

AI score 0.3
Exploits 0