Lucene search
K

6 matches found

CVE
CVE
added 2026/03/19 3:48 p.m.18 views

CVE-2026-32866

OPEXUS eComplaint and eCASE prior to version 10.2.0.0 are affected by a stored XSS vulnerability in profile name handling. An authenticated user can inject parts of an XSS payload into their first and last name fields, and the payload is executed when the full name is rendered, allowing script ex...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51967

Name of the Vulnerable Software and Affected Versions phpMyFAQ version 3.1.12 Description The software contains a CSV injection flaw that permits authenticated users to inject malicious formulas into their profile names. An attacker can modify their user profile name with a payload such as...

8.8CVSS7.5AI score0.00442EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16339

Malware in sbrugna...

7.5CVSS7.5AI score0.01185EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28605

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.16 views

CVE-2024-26489

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field...

5.7AI score0.00413EPSS
Exploits1References1
OSV
OSV
added 2019/05/17 4:29 p.m.11 views

UBUNTU-CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

7.5CVSS7.1AI score0.01185EPSS
Exploits0References3
Rows per page
Query Builder