12 matches found
CVE-2025-12228
A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross-site scripting. The attack can be carried out remotely. The...
PT-2025-43882
Name of the Vulnerable Software and Affected Versions: projectworlds Expense Management System version 1.0 Description: A flaw exists in projectworlds Expense Management System that allows for cross-site scripting. The issue is located in an unknown function within the /public/admin/users/create fi...
EUVD-2007-5946
Malware in sbrugna...
EUVD-2025-25457
Malicious code in bioql PyPI...
CVE-2025-55742
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...
CVE-2025-55742 UnoPim Stored XSS via SVG MIME/Sanitizer Bypass
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...
CVE-2025-55742
CVE-2025-55742 concerns UnoPim, a Laravel-based open-source PIM. The vulnerability is a stored XSS in the user-creation endpoint (/admin/settings/users/create) caused by an SVG MIME/sanitizer bypass. It affects UnoPim versions before 0.2.1 and is fixed in 0.2.1. The issue arises from insufficient ...
PT-2025-34235 · Unopim +1
Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.2.1 Description: UnoPim, an open-source Product Information Management (PIM) system built on the Laravel framework, contains a stored cross-site scripting vulnerability. The vulnerability is due to an SVG MIME/sanitiz...
CVE-2025-8059
The CVE refers to the WordPress B Blocks plugin (versions up to 2.0.6) with a privilege-escalation flaw caused by missing authorization and input validation in the rgfr_registration() function. This allows unauthenticated attackers to create a new account and grant it the administrator role. Publ...
FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-07072)
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.3 suffers from a cross-site request forgery vulnerability that can be exploited to add an administrator account via users/create/...
CVE-2018-20188
CVE-2018-20188 affects FUEL CMS 1.4.3, where a cross-site request forgery (CSRF) via the /users/create/ endpoint can be abused to add an administrator account. The connected Red Hat/ENISA/CNVD/NVD sources corroborate the same description, indicating the vulnerability status and impact as describe...
Fastspot BigTree CMS Cross-Site Scripting Vulnerability (CNVD-2018-12266)
Fastspot BigTree CMS is an open-source content management system (CMS) based on PHP and MySQL, from the United States company Fastspot. A cross-site scripting vulnerability exists in /users/create in Fastspot BigTree CMS. A remote attacker can exploit this vulnerability to inject scripts and attack highly...