CVE-2026-2947
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...
CVE-2026-2947 rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...
forest code injection vulnerability
Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations in the updateUserInfo functio...
PT-2026-21450
Name of the Vulnerable Software and Affected Versions: rymcu forest versions up to 0.0.5 Description: A cross-site scripting issue exists in rymcu forest. The issue is located in the updateUserInfo function within the src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java file of the...
EUVD-2023-34641
Malicious code in bioql PyPI...
CVE-2025-2089 StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...
CVE-2024-50658
A Server-Side Template Injection (SSTI) found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in the updateuserinfo.html file...
iPublish AdPortal cross-site scripting vulnerability
iPublish AdPortal is a self-service newspaper advertising platform from iPublish, Inc. A security vulnerability exists in iPublish AdPortal version 3.0.39, which stems from a cross-site scripting vulnerability that allows remote attackers to elevate privileges via the shippingAsBilling parameter ...
PT-2025-2879 · Ipublish Media Solutions · Ipublish Media Solutions Adportal
Name of the Vulnerable Software and Affected Versions: iPublish Media Solutions AdPortal version 3.0.39 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via the shippingAsBilling parameter in the "updateuserinfo.html" endpoint. Recommendations: For iPublis...
CVE-2024-8485
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it...
Cross site scripting
A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the...
CVE-2023-30216
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allow attackers to obtain user account information...
PT-2023-22592 · Unknown · Newbee-Mall
Name of the Vulnerable Software and Affected Versions: newbee-mall versions prior to commit 1f2c2dfy Description: The issue is related to insecure permissions in the updateUserInfo function, which allows attackers to obtain user account information. Recommendations: For versions prior to commit...
CVE-2023-30216
The CVE-2023-30216 entry affects the open-source e-commerce system newbee-mall prior to commit 1f2c2dfy, where the updateUserInfo function has insecure permissions. This configuration flaw allows attackers to obtain user account information, as described across multiple sources. Root cause: impro...
newbee-mall security vulnerability
newbee-mall is an e-commerce system. A security vulnerability exists in versions of newbee-mall before commit 1f2c2dfy, which stems from an insecure privilege setting in the updateUserInfo function and can be exploited by an attacker to obtain user account information...