5 matches found
Code injection
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed...
Careerfy < 4.1.0 - Multiple Cross-Site Scripting (XSS) Issues
An Unauthenticated Reflected XSS vulnerability and multiple Authenticated Persistent XSS vulnerabilities were discovered in the Careerfy Job Board theme through 3.9.0 and 4.0.0 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will...
Mozilla / Firefox / Netscape exceptions information leak
When an exception is raised, the message contains the path to the application installation and sometimes the user's profile path...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormValprofile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability...
CVE-2006-1891
Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormValprofile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability...