42 matches found
Classroombookings Security Vulnerability
Classroombookings is a school room reservation system developed by Craig A Rodway, based on PHP and MySQL. Versions of Classroombookings 2.17.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function read in the User Display Name Handler component’s...
CVE-2025-13746
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2021-24028
Malware in sbrugna...
EUVD-2014-0017
Malware in sbrugna...
EUVD-2006-2308
Malware in sbrugna...
EUVD-2024-27449
Malicious code in bioql PyPI...
EUVD-2024-27301
Malicious code in bioql PyPI...
EUVD-2022-2338
Malicious code in bioql PyPI...
CVE-2024-1759
The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2021-21619
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins...
CVE-2021-37463
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name stored...
CVE-2024-1766
CVE-2024-1766 is a Stored Cross-Site Scripting vulnerability in the WordPress Download Manager plugin (versions
CVE-2024-1759
CVE-2024-1759: WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to 4.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (subscriber level or higher) and can allow injecti...
CVE-2024-2500 ColorMag <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
PT-2024-19618 · WordPress · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews plugin for WordPress versions up to, and including, 6.11.4 Description: The issue is related to Stored Cross-Site Scripting via the user display name due to insufficient input sanitization and output escaping. This allows...
WordPress Plugin Site Reviews Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Site Reviews < 6.11.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via display name
Description: The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber...
Cross-Site Scripting (XSS)
alextselegidis/easyappointments is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user display name sanitization in backendheader.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
CVE-2022-39346 Missing length validation of user displayname in nextcloud server
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...
XSS vulnerability in Jenkins Claim Plugin
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name shown in claims. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside...