Lucene search
K

12 matches found

EUVD
EUVD
added 2026/05/15 6:36 p.m.10 views

EUVD-2021-34815

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.9 views

PT-2025-51859

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

6.4CVSS5AI score0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/08 3:30 p.m.7 views

EUVD-2025-201710

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the relatedvulnerabilities field of bundles accepted arbitrary strings without format validation or proper...

8.3CVSS5.6AI score0.00256EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/05/30 9:25 a.m.12 views

HackerOne: Residual Malicious Payloads on HackerOne after Vulnerability Fixes

A vulnerability was previously discovered on the HackerOne platform that allowed users to add malicious payloads to their profile pages. Despite remediation efforts, some of these malicious payloads were not fully removed from user profiles. This situation meant that the malicious content could...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:10 a.m.8 views

CVE-2024-23735

Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...

6.1CVSS6AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.9 views

CVE-2022-1208

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected...

6.4CVSS5.8AI score0.00872EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.7 views

PT-2024-31872 · Unknown · Projectworld Online Voting System

Name of the Vulnerable Software and Affected Versions: Projectworld Online Voting System version 1.0 Description: A stored Cross-Site Scripting XSS issue was identified that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed i...

5.4CVSS5.3AI score0.00268EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/04/10 12:0 a.m.20 views

CVE-2024-23735

Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...

5.8AI score0.00213EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 12:0 a.m.69 views

CVE-2024-23735

CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...

6.1CVSS5.9AI score0.00213EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2023-7125

The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack...

4.3CVSS5.8AI score0.00237EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.16 views

Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile...

6.4CVSS3.8AI score0.00872EPSS
Exploits1Affected Software1
Drupal
Drupal
added 2006/09/20 12:0 a.m.13 views

Site Profile Directory cross site scripting vulnerability

It is possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Drupal core is not affected. If you do not use the Sit...

6.3AI score
Exploits0References5
Rows per page
Query Builder