14 matches found
EUVD-2026-13332
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
CVE-2025-5721
A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/updateprofile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possibl...
CVE-2025-5721 SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/updateprofile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possibl...
CVE-2025-5721 SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/updateprofile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possibl...
PT-2025-24009 · Sourcecodester · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A problematic issue was found in the Profile Setting Page component, specifically affecting an unknown part of the file /script/academic/core/update profile. This leads ...
CVE-2023-27926
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-27926
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
PT-2023-21424 · Unknown · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit versions 9.88.1.0 and earlier Description: A cross-site scripting issue in the Profile setting function allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions 9.88.1.0...
Slack: URL filter bypass in Enterprise Grid
URL filter bypass in Enterprise Grid Description Slack Enterprise Grid seems to be able to add arbitrary column to the profile of the account. In my company there is a おすすめランチ My Favorite Lunch column, and we can set the URL of the website and Display text. F429131 F429132 Only the http: or https...
WordPress WP User Manager 2.0.8 Shell Upload
Exploit Title: Wordpress Plugin WP User Manager 2.0.8 - Arbitrary file upload Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 5, 2019 Vendor Homepage: https://wpusermanager.com Software Link : https://wordpress.org/plugins/wp-user-manager/ Tested...
MediaTek Wireless Utility rt2870 Denial Of Service
Exploit Title: MediaTek Wireless Utility rt2870 - Denial of Service PoC Author: Lawrence Amer Date: 2018-09-13 Vendor: MediaTek Software url: https://click.pstmrk.it/2ts/d86o2zu8ugzlg.cloudfront.net%2Fmediatek-craft%2Fdrivers%2FRT27702870RT307x.zip/K94pHAI/oTs1/oC6CdN114w Tested on OS: Windows 7...
Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability
Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or Privileges. Vanilla Forums version 2.1.a26 and possibly other version...