Lucene search
K

49 matches found

NVD
NVD
added 2026/06/08 3:16 p.m.13 views

CVE-2026-11518

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

5.3CVSS0.00388EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47292

Name of the Vulnerable Software and Affected Versions SourceCodester Inventory System version 1.0 Description Cross site scripting can be triggered remotely via the User Management Page component in the file '/users.php'. The issue occurs through the manipulation of the fullname or username...

5.3CVSS5.2AI score0.00388EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

SourceCodester Inventory System 跨站脚本漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from the handling of parameters fullname and username in the users.php componen...

5.3CVSS4.6AI score0.00388EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:45 a.m.14 views

EUVD-2026-33582

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS5.6AI score0.00262EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-21318

Malware in sbrugna...

5.4CVSS5.6AI score0.00625EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-24430

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00614EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-53517

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00888EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-34293

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01068EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-45306

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00617EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30751

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-51040

Malicious code in bioql PyPI...

8.8CVSS5AI score0.00487EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/24 12:28 a.m.15 views

CVE-2025-59797

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...

5.8CVSS6.9AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 1:16 p.m.17 views

CVE-2025-59797

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...

5.8CVSS0.00251EPSS
Exploits0References2
CVE
CVE
added 2025/09/22 12:0 a.m.17 views

CVE-2025-59797

Profession Fit 5.0.99 Build 44910 contains an authorization bypass vulnerability. The issue allows access via a direct request to the API endpoint /api/challenges/{id} and direct URL access to the eversports, user-management, and plane pages, indicating insufficient access control on these resour...

5.8CVSS6.5AI score0.00251EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.4 views

CVE-2024-12666

A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...

8.8CVSS6.9AI score0.00487EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:9 a.m.7 views

CVE-2023-50339

Stored cross-site scripting vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

5.4CVSS6AI score0.00298EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:55 p.m.8 views

CVE-2022-31941

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manageuser=...

9.8CVSS8.1AI score0.01002EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:16 p.m.7 views

CVE-2022-1086

A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.4CVSS6.1AI score0.00614EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.7 views

CVE-2022-29739

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manageuser=...

9.8CVSS8.1AI score0.01068EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:33 p.m.8 views

CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

5.4CVSS5.9AI score0.01165EPSS
Exploits1References1
Rows per page
Query Builder