11 matches found
CVE-2026-36341
CVE-2026-36341 : Webkul Krayin CRM 2.1.5 contains a Cross-Site Scripting (XSS) flaw in the comment input during Activity creation via the /admin/activities/create endpoint. The root cause is inadequate sanitization of user-supplied input in the comment field. The CVSS v3.1 base score is 5.4 (Medi...
Cross-site Scripting (XSS)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the markDownToHTML function. An attacker can execute arbitrary JavaScript in the context of another user's browser session by crafting ...
CVE-2025-61196
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter...
EUVD-2025-37045
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter...
CVE-2025-61196
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter...
BusinessNext CRMnext Security Vulnerability
BusinessNext CRMnext is a customer management platform from BusinessNext India. A security vulnerability exists in BusinessNext CRMnext version 10.8.3.0, which stems from improper handling of the comments input parameter and could lead to remote execution of arbitrary code...
PT-2025-44435
Name of the Vulnerable Software and Affected Versions: BusinessNext CRMnext version 10.8.3.0. Description: An issue in BusinessNext CRMnext version 10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter. The issue involves the comments parameter, which can be...
CVE-2025-61196
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter...
CVE-2025-61196
CVE-2025-61196 affects BusinessNext CRMnext v10.8.3.0. The issue enables remote code execution via the comments input parameter due to improper handling of that input. Multiple sources (Red Hat, NVD, NVD mirrors, EUVD, CNNVD, CVE list) corroborate the vulnerability across the same product/version...
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Injecting JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...
Nextcloud: HTML injection with AutoComplete suggestions
1. As user1 set your displayname to Name 2. As user2 autocomplete the name in the comments input or Talk chat input 3. Click on the user name you just autocompleted. User2 is redirected to https://nextcloud.com. Only works with HTML, not with script. Impact: User1 can trick user2 to render any html...