Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded yesterday4 views

EUVD-2026-34157

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/02/04 1:20 p.m.3 views

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00057EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 2:33 a.m.1 views

CVE-2023-1131

A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRSTNAME/LASTNAME/PHONENUMBER leads to cross site scripting. The attack...

6.1CVSS6AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2023/09/01 2:15 p.m.0 views

CVE-2023-39710

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section...

6.1CVSS6.5AI score0.0017EPSS
Exploits1References4
OSV
OSVadded 2023/09/01 2:15 p.m.1 views

CVE-2023-39710

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section...

6.1CVSS5.9AI score0.0017EPSS
Exploits1References3
CNNVD
CNNVDadded 2022/02/07 12:0 a.m.2 views

OTRS 信息泄露漏洞

OTRS AG OTRSCustomContactFields is an OTRS custom contact fields plugin from OTRS Germany.An information disclosure vulnerability exists in OTRS AG OTRSCustomContactFields, which could be exploited by an attacker to obtain the full list of recipients in a contact field from a customer...

3.5CVSS5.6AI score0.00209EPSS
Exploits0References3
CNVD
CNVDadded 2017/09/06 12:0 a.m.2 views

Shopware content management system backend module cross-site scripting vulnerability

Shopware is the German Shopware company's open source e-commerce software. content management system backend modules is one of the content system backend module. A cross-site scripting vulnerability exists in the customer and order section of the content management system backend module in Shopwa...

6.1CVSS6.1AI score0.03459EPSS
Exploits7References1
Rows per page
Query Builder