37 matches found
CVE-2025-63442
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser...
EUVD-2025-37489
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser...
CVE-2025-63442
CVE-2025-63442 affects the Simple User Management System with PHP-MySQL v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the Profile Section caused by insufficient sanitization of user input that is reflected in the browser. Root cause: inadequate input sanitization for profile dat...
EUVD-2017-2816
Malware in sbrugna...
EUVD-2019-17091
Malware in sbrugna...
GHSA-GJ52-35XM-GXJH Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account...
CVE-2025-1980 Remote Code Execution via Unrestricted File Upload in Ready_
The Ready application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for...
GHSA-VQR3-VRRG-F3JH NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2024-57041
NodeBB v3.11.0 contains a persistent XSS vulnerability in the user profile’s about me field that can store arbitrary code. Exploitation details are not provided in the connected documents, but the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a base score of 4.6 (Medium) with network a...
Teachers Record Management System 1.0 - File Upload Type Validation Vulnerability
Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation; Date: 17-01-2023; Exploit Author: AFFAN AHMED; Vendor Homepage: ; Software Link: ; Version: 1.0; Tested on: Windows 11 + XAMPP; CVE: CVE-2023-3187; Steps to reproduce...
Cross site scripting
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains JavaScript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigge...
CVE-2021-37330
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains JavaScript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigge...
PHP Scripts Mall Investment MLM Software Cross-Site Scripting Vulnerability
PHP Scripts Mall Investment MLM Software is an investment money management system software from PHP Scripts Mall India. A cross-site scripting vulnerability exists in the My Profile Section of PHP Scripts Mall Investment MLM Software version 2.0.2, which can be exploited by an attacker to execute...
CVE-2019-7552
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section...
Design/Logic Flaw
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section...