17 matches found
CVE-2025-15146
CVE-2025-15146 affects SohuTV CacheCloud up to version 3.2.0. The vulnerability resides in doUserList (src/main/java/com/sohu/cache/web/controller/UserManageController.java); manipulated input can trigger cross-site scripting. The attack is remote and the exploit is publicly available. Mitigation...
CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation in the user management tab. Users with the usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user, including themselves. This allows a malicious authenticated attacker with this...
PT-2025-47599
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.55 Description: SOPlanning has a flaw that allows privilege escalation through the user management tab. Users assigned the user manage team role can modify user permissions, including granting administrative...
EUVD-2019-1897
Malware in sbrugna...
CVE-2025-5033
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be...
TeaCMS Security Vulnerability
TeaCMS is a blogging system by the individual developer xiaobingby. A security vulnerability exists in TeaCMS version 2.0.2. It originates from improper functioning of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser and may lead to cross-site request forgery...
PHPGurukul Online Notes Sharing System Cross-Site Request Forgery Vulnerability
PHPGurukul Online Notes Sharing System is an online notes sharing system from PHPGurukul Inc. A cross-site request forgery (CSRF) vulnerability exists in PHPGurukul Online Notes Sharing System version 1.0, in the file /user/manage-notes.ph...
PT-2023-18376 · Campcodes · Campcodes Coffee Shop Pos System
Name of the Vulnerable Software and Affected Versions: Campcodes Coffee Shop POS System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/user/manage user.php. The manipulation of the id argument leads to SQL injection, allowi...
CVE-2023-1054
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of...
PT-2022-22866 · Sourcecodester · Simple Cold Storage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Cold Storage Management System version 1.0 Description: A vulnerability was found in the Avatar Handler component, affecting the file /csms/admin/?page=user/manage user. This issue leads to unrestricted upload and can be...
CVE-2020-35973
An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php...
CVE-2019-1010152
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...
CVE-2019-1010152
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...
PT-2018-18747 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an "action=modify" request to the "user/manage.php" endpoint...
HTTPD-User-Manage cross-site scripting vulnerability
Overview: HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...
JVN#30451602 HTTPD-User-Manage cross-site scripting vulnerability
Impact A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage. Solution Products Affected HTTPD-User-Manage 1.62 and earlier...