68 matches found
CVE-2026-41661
Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...
EUVD-2026-28274
Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...
Admidio cross-site scripting vulnerability
Admidio is an open-source member management system developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site scripting vulnerability. This vulnerability...
PT-2026-37145
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An unauthenticated attacker can execute arbitrary JavaScript in a user's browser via reflected Cross-Site Scripting (XSS). The issue occurs in the 'system/msgwindow.php' endpoint, which accepts messag...
EUVD-2026-8657
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...
CVE-2026-3185
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...
PT-2026-21907
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...
CVE-2022-26104
SAP Financial Consolidation, version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message...
CVE-2026-0670 Stored XSS through a system message and a user-provided parameter in ProofreadPage
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...
PT-2026-1966
Name of the Vulnerable Software and Affected Versions: MediaWiki - ProofreadPage Extension versions 1.39 through 1.45. Description: The MediaWiki - ProofreadPage Extension contains a flaw related to improper input neutralization during web page generation, leading to a Cross-Site Scripting (XSS) issue...
CVE-2025-62694 Stored XSS through a system message
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS. This issue affects Mediawiki - WikiLove Extension: 1.39...
CVE-2025-62694
CVE-2025-62694 is a stored XSS in the Wikimedia Foundation MediaWiki WikiLove Extension (version 1.39). The root cause is improper neutralization of input during web page generation. This issue is described across multiple feeds as affecting the WikiLove Extension: 1.39, with a CVSS v4 base score...
CVE-2025-62700 Stored XSS through a system message in MultiBoilerplate
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS. This issue affects Mediawiki - MultiBoilerplate Extensionmaste: from master before 1.39...
CVE-2025-62700
CVE-2025-62700 describes a Stored XSS in the Wikimedia Foundation MediaWiki extension “MultiBoilerplate Extensionmaste.” The vulnerability arises from improper neutralization of input during web page generation, allowing user-supplied data to be stored and later rendered as executable script. Aff...
CVE-2025-11937 Stored XSS through a system message in SecurePoll
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS. This issue affects Mediawiki - SecurePoll Extension: master...
CVE-2025-11937
CVE-2025-11937 pertains to a Stored XSS vulnerability in the Wikimedia Foundation MediaWiki SecurePoll extension. The issue arises from Improper Neutralization of Input During Web Page Generation, enabling stored cross-site scripting. Affected component: MediaWiki SecurePoll extension (master bra...
CVE-2025-62670
CVE-2025-62670 affects MediaWiki’s FlexDiagrams Extension (master). The vulnerability is an XSS flaw caused by improper neutralization of input during web page generation, enabling stored XSS in wiki pages. Multiple sources (NVD, Red Hat, CNVD, EU ENISA) corroborate a stored XSS condition in the ...