6 matches found
CVE-2025-59821
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
PT-2025-27826 · Bolt Cms · Bolt Cms
Name of the Vulnerable Software and Affected Versions: Bolt CMS versions 3.7.0 and earlier Description: The issue allows an authenticated user to achieve remote code execution. This is done by injecting arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitiz...
CVE-2024-22238
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization...
CVE-2023-26055 XWiki Commons may allow privilege escalation to programming rights via user's first name
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places...
MFORUM 0.1a Arbitrary Add-Admin Vulnerability
No description provided by source. ================================================= MFORUM 0.1a Arbitrary Add-Admin Vulnerability ================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
MFORUM 0.1a Arbitrary Add-Admin Vulnerability
Exploit for unknown platform in category web applications ============================================= MFORUM 0.1a Arbitrary Add-Admin Vulnerability ============================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...