12 matches found
EUVD-2021-34815
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...
PT-2025-51859
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...
EUVD-2025-201710
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the relatedvulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
HackerOne: Residual Malicious Payloads on HackerOne after Vulnerability Fixes
A vulnerability was previously discovered on the HackerOne platform that allowed users to add malicious payloads to their profile pages. Despite remediation efforts, some of these malicious payloads were not fully removed from user profiles. This situation meant that the malicious content could...
CVE-2024-23735
Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected...
PT-2024-31872 · Unknown · Projectworld Online Voting System
Name of the Vulnerable Software and Affected Versions: Projectworld Online Voting System version 1.0 Description: A stored Cross-Site Scripting XSS issue was identified that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed i...
CVE-2024-23735
Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...
CVE-2024-23735
CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...
CVE-2023-7125
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack...
Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile...
Site Profile Directory cross site scripting vulnerability
It is possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Drupal core is not affected. If you do not use the Sit...