24 matches found
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code whi...
EUVD-2017-15245
Malware in sbrugna...
EUVD-2018-14539
Malware in sbrugna...
EUVD-2018-15091
Malware in sbrugna...
EUVD-2018-7326
Malware in sbrugna...
EUVD-2018-14546
Malware in sbrugna...
EUVD-2024-28393
Malicious code in bioql PyPI...
EUVD-2024-48201
Malicious code in bioql PyPI...
EUVD-2022-48710
Malicious code in bioql PyPI...
EUVD-2024-48212
Malicious code in bioql PyPI...
EUVD-2023-2518
Malicious code in bioql PyPI...
CVE-2022-45857
An incorrect user management vulnerability (CWE-286) in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
CVE-2019-19552
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another...
CVE-2025-4934 PHPGurukul User Registration & Login and User Management System edit-profile.php SQL injection
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to SQL injection. The attack can be initiated...
CVE-2025-30708
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Search and Register Users. Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User...
CVE-2024-12666
CVE-2024-12666 affects ClassCMS up to version 4.8, where a vulnerability exists in the file path "/admin?do=admin:user:editPost" in the User Management Page. The root cause is described as improper handling of insufficient privileges, enabling a remote attack. The exploit has been disclosed publ...
OneBlog User Management Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the User Management module, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors...
Able to change admin email and password without current password validation.
Description: Able to change admin email and password without current password validation. Change the User%5Buid%5D for the User UID of the current admin user. For example: uid of the current admin is 1. Then change the other info like User%5Bemail%5D, User%5Bpassword%5D and passwordrepeat for...