11 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-2642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.x has user fullname disclosure on the user preferences page. CVE-2017-2642 Note that Nessus relies on the presence of the package as reported by the...
GHSA-HPRR-4VFQ-FCXW Plone XSS in User Fullname Property and File Upload
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
Plone XSS in User Fullname Property and File Upload
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
Cross-Site Scripting (XSS)
plone is vulnerable to cross-site scripting. The package fails to sanitize the user fullname field, allowing attackers to execute arbitrary JavaScript in a victim's browser...
Cross-Site Scripting (XSS)
plone is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by injecting script via the user fullname property and file upload functionality...
PYSEC-2021-78
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
CVE-2021-3313
Plone CMS affected: versions up to and including 5.2.4. The issue is a stored XSS in the user fullname attribute and file upload handling, caused by input not being properly encoded when echoed back. Impact is that an attacker can inject JavaScript that executes in the victim’s browser when inter...
Cross site scripting
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" aka user fullname field...
CVE-2018-14924
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" aka user fullname field...
CVE-2018-14924
CVE-2018-14924 affects Matera Banco 1.0.0. The connected sources describe a stored XSS in the application, exploitable via the sca/privilegio/consultarUsuario.jsf “Nome Completo” field. CNVD notes a remote attacker can inject arbitrary script/HTML, consistent with stored XSS. No patch/version rem...
CVE-2017-2642
CVE-2017-2642 affects Moodle 3.x, causing a user fullname disclosure on the user preferences page. The incident is supported by multiple feeds in connected data, including CVE reporting and OpenVAS/Nessus entries that reference Moodle moodle 3.x and the associated Fedora updates. CVSS metrics ind...