Lucene search
K

22 matches found

NVD
NVD
added 2025/10/19 10:15 p.m.8 views

CVE-2025-11946

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

5.4CVSS0.00329EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2438

Malware in sbrugna...

5.4CVSS5.4AI score0.0083EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29620

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00161EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/30 9:38 a.m.6 views

CVE-2025-10341

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

6.1CVSS7AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 8:36 a.m.2 views

CVE-2025-10341 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

5.3CVSS6.7AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 8:36 a.m.17 views

CVE-2025-10341

Summary: CVE-2025-10341 affects Perfex CRM v3.2.1 with a stored HTML injection vulnerability in the /clients/client/x endpoint. The issue arises from insufficient validation of the POST parameter “company,” enabling stored HTML injection. Affected software: Perfex CRM 3.2.1 (web application). Vul...

6.1CVSS6.7AI score0.00221EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/18 1:39 a.m.16 views

CVE-2025-56289

code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...

5.4CVSS5.7AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 3:15 p.m.4 views

CVE-2025-56289

code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...

5.4CVSS5.9AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 3:15 p.m.14 views

CVE-2025-56289

code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...

5.4CVSS0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/16 12:0 a.m.7 views

CVE-2025-56289

code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...

0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.2 views

Code-Projects Document Management System 安全漏洞

Code-Projects Document Management System is an open source document management system from Code-Projects. A security vulnerability exists in Code-Projects Document Management System version 1.0, which stems from a failure to filter malicious cross-site scripting code in the Company field when...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.4 views

PT-2025-37995

Name of the Vulnerable Software and Affected Versions: code-projects Document Management System version 1.0 Description: The Document Management System contains a Cross Site Scripting XSS flaw. An attacker can exploit this issue to leak an administrator's cookie information by injecting malicious...

5.4CVSS5.7AI score0.00161EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/16 12:0 a.m.3 views

CVE-2025-56289

code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...

5.3AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2023/10/20 4:15 a.m.5 views

CVE-2023-45394

Stored Cross-Site Scripting XSS vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover...

5.4CVSS5.8AI score0.00359EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/20 4:15 a.m.4 views

CVE-2023-45394

Stored Cross-Site Scripting XSS vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover...

5.4CVSS6.1AI score0.00359EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/09/08 6:15 p.m.4 views

CVE-2023-39712

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...

6.1CVSS6.5AI score0.00583EPSS
Exploits0References4
OSV
OSV
added 2023/09/08 6:15 p.m.6 views

CVE-2023-39712

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...

6.1CVSS5.9AI score0.00583EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/28 7:15 p.m.3 views

CVE-2023-39709

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...

6.1CVSS6.5AI score0.00541EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/28 12:0 a.m.4 views

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system from the individual developers of stemword. A security vulnerability exists in Free and Open Source Inventory Management System v1.0 that could allow an attacker to execute arbitrary web script or HTML by injecting a crafted payload in...

6.1CVSS6.6AI score0.00541EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.3 views

Simple Customer Relationship Management SQL注入漏洞

Simple Customer Relationship Management Simple CRM is a Simple Customer Relationship Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the company...

8.8CVSS8.2AI score0.01049EPSS
Exploits1References4
Rows per page
Query Builder