15 matches found
CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2025-5498 slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inclib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpagecustom leads...
PT-2025-17841 · Xpert Tab · Xpert Tab
Name of the Vulnerable Software and Affected Versions: Xpert Tab versions 1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious...
CVE-2025-23863 WordPress Rollover Tab plugin <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sabaoh Rollover Tab rollover-tab allows Stored XSS. This issue affects Rollover Tab: from n/a through <= 1.3.2...
GHSA-P9F2-JG9W-CX69 Aim Stored Cross-site Scripting Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML...
PT-2024-37732 · Aimhubio · Aim
Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.19.3. Description: A stored cross-site scripting (XSS) issue exists due to the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed usin...
Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail and more. A cross-site scripting vulnerability exists in Usermin version 2.001, which originates from a security issue within the filter, forward mail tab, that allows remote...
CVE-2022-44951
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...
CVE-2022-0429
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
Vicidial Security Vulnerability
Vicidial is a software suite from Vicidial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. Vicidial suffers from a cross-site scripting vulnerability that stems from the discovery of a...
Oracle E-Business Suite Oracle Customers Online Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP: a seamlessly integrated management suite made up of a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on. Oracle Customers...
Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)
The "Editor" tab under the "Tables" section is vulnerable to stored XSS. It is possible to store XSS in all input fields as the code does not sanitise any of the user input. PoC Open a Table, go to the editor and enter a payload below in a cell, then save the Table = 1.9.99 - = 1.10.0 -...
CVE-2020-25955
SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored cross-site scripting (XSS) via the 'add subject' tab...
dovecot-disclose.txt
lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit written by Kingcope import sys impor...
Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure
Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry...