49 matches found
CVE-2026-40607
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note that by default, only...
PT-2026-39884
Name of the Vulnerable Software and Affected Versions: MantisBT (affected versions not specified) Description: Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where the $g_show_user_realname variable is set to ON, leading to Cross-site scripting (XSS)...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
EUVD-2019-16717
Malware in sbrugna...
EUVD-2007-1183
Malware in sbrugna...
EUVD-2024-2724
Malicious code in bioql PyPI...
CVE-2017-1000495
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the real name field due to improper user input sanitization. This is only exploitable if the user has the editmyprivateinfo right or similar permissions that allow them to modify their real name. Details...
CVE-2024-47536 starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...
PT-2024-32649 · Mediawiki · Mediawiki Citizen Skin
Name of the Vulnerable Software and Affected Versions: MediaWiki Citizen Skin versions prior to 2.31.0 Description: The issue allows a user with the editmyprivateinfo right or who can otherwise change their name to perform a self-XSS attack by setting their "real name" to an XSS payload. This can...
CVE-2023-47098
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field...
CVE-2023-38307
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name...
CVE-2023-38303
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter...
Cross site scripting
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter...
PT-2023-4163 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Stored Cross-Site Scripting (XSS) issue was discovered in the Users and Groups functionality. This occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name. The...
PT-2023-4162 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: The issue is related to the lack of protection of the web page structure in the Webmin control panel, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This can be exploited to achieve...