12 matches found
CVE-2026-40589 FreeScout has Customer Edit Cross-Mailbox Email Takeover
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...
CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting
A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...
CVE-2026-6622
A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...
CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting
A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...
EUVD-2025-29162
Malicious code in bioql PyPI...
CVE-2025-10435 Campcodes Computer Sales and Inventory System cust_edit1.php sql injection
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custedit1.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been...
CampCodes Computer Sales and Inventory System SQL injection vulnerability
CampCodes Computer Sales and Inventory System is a computerized sales and inventory system from CampCodes Philippines, Inc. CampCodes Computer Sales and Inventory System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file...
CVE-2023-31939
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...
CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack...
CVE-2023-31939
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...
CVE-2023-31939
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...
PT-2023-23537 · Unknown · Online Travel Agency System
Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the costomer id parameter at the "customer edit.php" endpoint. This enables the attacker to manipulate database...