49 matches found
CVE-2026-11518
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...
PT-2026-47292
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory System version 1.0. Description: Cross site scripting can be triggered remotely via the User Management Page component in the file '/users.php'. The issue occurs through the manipulation of the fullname or username...
SourceCodester Inventory System Cross-Site Scripting Vulnerability
The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from the handling of parameters fullname and username in the users.php componen...
EUVD-2026-33582
A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...
EUVD-2020-21318
Malware in sbrugna...
EUVD-2022-24430
Malicious code in bioql PyPI...
EUVD-2022-53517
Malicious code in bioql PyPI...
EUVD-2022-34293
Malicious code in bioql PyPI...
EUVD-2022-45306
Malicious code in bioql PyPI...
EUVD-2025-30751
Malicious code in bioql PyPI...
EUVD-2024-51040
Malicious code in bioql PyPI...
CVE-2025-59797
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...
CVE-2025-59797
Profession Fit 5.0.99 Build 44910 contains an authorization bypass vulnerability. The issue allows access via a direct request to the API endpoint /api/challenges/{id} and direct URL access to the eversports, user-management, and plane pages, indicating insufficient access control on these resour...
CVE-2024-12666
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...
CVE-2023-50339
Stored cross-site scripting vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2022-31941
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manageuser=...
CVE-2022-1086
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2022-29739
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manageuser=...
CVE-2021-28382
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...