Lucene search
K

43 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-1919

Malware in sbrugna...

7.5CVSS6.4AI score0.07466EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-23298

Malicious code in bioql PyPI...

7.6CVSS6.3AI score0.00467EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-7467

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00655EPSS
Exploits0References14
Veracode
Veracode
added 2025/08/20 11:3 a.m.4 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization due to malicious scripts being injected into user profile fields, which execute in admin browsers...

7.6CVSS6.5AI score0.00467EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/07/31 6:32 p.m.5 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS. , An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...

7.6CVSS5.6AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 6:32 p.m.4 views

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

4.8CVSS5.2AI score0.00467EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/31 6:32 p.m.11 views

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/07/31 6:15 p.m.6 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.10 views

PT-2025-31569 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References11
OSV
OSV
added 2025/05/02 6:18 a.m.6 views

BIT-MOODLE-2024-43429 Moodle: user information visibility control issues in gradebook reports

A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information...

5.3CVSS5.4AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.3 views

PT-2024-12259 · Unknown · Display Custom Fields In The Frontend – Post/User Profile Fields

Name of the Vulnerable Software and Affected Versions: Display custom fields in the frontend – Post and User Profile Fields versions 1.2.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security...

4.3CVSS9.3AI score0.00419EPSS
Exploits0References3
Veracode
Veracode
added 2024/12/04 7:16 a.m.10 views

Sensitive Information Exposure

Moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to hidden user profile fields being visible in gradebook reports, allowing users without the "view hidden user fields" capability to access restricted information...

5.3CVSS6.5AI score0.00323EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2024/02/05 10:15 p.m.25 views

CVE-2023-6983

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

4.3CVSS4.3AI score0.00472EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.40 views

CVE-2023-6982 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5.8AI score0.00416EPSS
Exploits0References2
Prion
Prion
added 2023/01/30 9:15 p.m.15 views

Cross site scripting

The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...

4.9CVSS5.4AI score0.00548EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.33 views

CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode

The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...

5.6AI score0.00548EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/06 12:0 a.m.17 views

WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...

5.4CVSS5.9AI score0.00548EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.7 views

CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

7AI score0.00655EPSS
Exploits0References6
OSV
OSV
added 2022/10/31 9:15 p.m.5 views

CVE-2022-40288

The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...

9CVSS5.8AI score0.00621EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/09/17 5:0 p.m.20 views

CVE-2007-4912

Cross-site scripting XSS vulnerability in ipskernel/classajax.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8...

5.6AI score0.01065EPSS
Exploits0References5
Rows per page
Query Builder