Lucene search
K

14 matches found

NVD
NVD
added 2026/01/30 5:16 p.m.6 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS0.00311EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/30 5:16 p.m.3 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS6AI score0.00311EPSS
Exploits0References7
EUVD
EUVD
added 2026/01/30 4:16 p.m.7 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:16 p.m.2 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/30 4:16 p.m.29 views

CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS0.00311EPSS
Exploits0References5
CVE
CVE
added 2026/01/30 4:16 p.m.10 views

CVE-2020-37014

CVE-2020-37014 affects Tryton 5.4. A persistent cross-site scripting (XSS) in the user profile name input allows remote attackers to inject script payloads, which execute in both frontend and backend user interfaces. Documented impact is a frontend/backend XSS; CVSS scores are provided (4.0: base...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.7 views

PT-2026-5415

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References6
Huntr
Huntr
added 2023/03/10 8:42 a.m.29 views

stored XSS Protection bypass by changing the User Profile Name

Hello, I was able to bypass the XSS Vulnerability i reported before by using this Payload. Lets try first a normal XSS Payload which will not work for example - alert'1' - NOT WOKRING : lets try the bypass payload 1'" XSS Payload fired and its stored - let me show you stored XSS : - it is a store...

4.9CVSS5.2AI score0.00476EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/05 2:15 a.m.3 views

CVE-2022-26615

A cross-site scripting XSS vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields...

5.4CVSS6.3AI score0.00495EPSS
Exploits1References2
OSV
OSV
added 2022/04/05 2:15 a.m.1 views

CVE-2022-26615

A cross-site scripting XSS vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields...

5.4CVSS6.2AI score0.00495EPSS
Exploits1References1
NVD
NVD
added 2022/04/05 2:15 a.m.14 views

CVE-2022-26615

A cross-site scripting XSS vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields...

5.4CVSS0.00495EPSS
Exploits1References1
Prion
Prion
added 2022/04/05 2:15 a.m.12 views

Cross site scripting

A cross-site scripting XSS vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields...

3.5CVSS5.3AI score0.00495EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.6 views

College Website Content Management System 跨站脚本漏洞

College Website Content Management System is a college website management system by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in version 1.0 of the College Website Content Management System, which can be exploited by an attacker to execute arbitrary web...

5.4CVSS5.8AI score0.00495EPSS
Exploits1References3
Citrix
Citrix
added 2016/10/24 12:0 a.m.10 views

User Profile name changes from User Name to "My Documents" or "Documents"

Under certain circumstances, the Desktop.ini file may cause the User Profile folder name on the User Store to change from the User Name to "My Documents". If we delete the "desktop.ini" file in the "My Documents" folder, it changes the folder name back to the correct user name...

7AI score
Exploits0
Rows per page
Query Builder