6 matches found
CVE-2026-32866
OPEXUS eComplaint and eCASE prior to version 10.2.0.0 are affected by a stored XSS vulnerability in profile name handling. An authenticated user can inject parts of an XSS payload into their first and last name fields, and the payload is executed when the full name is rendered, allowing script ex...
PT-2025-51967
Name of the Vulnerable Software and Affected Versions phpMyFAQ version 3.1.12 Description The software contains a CSV injection flaw that permits authenticated users to inject malicious formulas into their profile names. An attacker can modify their user profile name with a payload such as...
EUVD-2019-16339
Malware in sbrugna...
EUVD-2025-28605
Malicious code in bioql PyPI...
CVE-2024-26489
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field...
UBUNTU-CVE-2019-6781
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...