43 matches found
EUVD-2004-1919
Malware in sbrugna...
EUVD-2025-23298
Malicious code in bioql PyPI...
EUVD-2022-7467
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization due to malicious scripts being injected into user profile fields, which execute in admin browsers...
Cross-site Scripting (XSS)
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS. , An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...
GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
PT-2025-31569 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...
BIT-MOODLE-2024-43429 Moodle: user information visibility control issues in gradebook reports
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information...
PT-2024-12259 · Unknown · Display Custom Fields In The Frontend – Post/User Profile Fields
Name of the Vulnerable Software and Affected Versions: Display custom fields in the frontend – Post and User Profile Fields versions 1.2.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to hidden user profile fields being visible in gradebook reports, allowing users without the "view hidden user fields" capability to access restricted information...
CVE-2023-6983
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...
CVE-2023-6982 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...
Cross site scripting
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...
CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...
CVE-2022-40288
The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...
CVE-2007-4912
Cross-site scripting XSS vulnerability in ipskernel/classajax.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8...