Lucene search
+L

107 matches found

NVD
NVD
added 2026/07/09 9:16 p.m.5 views

CVE-2026-60120

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:43 p.m.6 views

CVE-2026-60120

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.20 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 2:16 a.m.19 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 1:30 a.m.25 views

CVE-2026-9414

CVE-2026-9414 affects SourceCodester’s Indian Invoicing System (invoices module) specifically the Invoice Template Render Database-Backed component. A vulnerability in add_order.php allows manipulation of the customer_name parameter to trigger cross-site scripting (XSS). The flaw is exploitable r...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/25 1:30 a.m.8 views

CVE-2026-9414 SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 1:30 a.m.8 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/25 1:30 a.m.13 views

EUVD-2026-31616

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 12:45 a.m.44 views

CVE-2026-9411 SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 12:45 a.m.13 views

EUVD-2026-31614

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.21 views

PT-2026-42982

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer name/category results in sql injection. The...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

SourceCodester Indian Invoicing System 代码注入漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. A code injection vulnerability exists in SourceCodester Indian Invoicing System version 0.x and earlier and version 1.0, which originates from the Invoice Template Render Database-Backed component's...

5.1CVSS5.4AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

SourceCodester Indian Invoicing System SQL注入漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. SourceCodester Indian Invoicing System version 1.0 suffers from a SQL injection vulnerability that stems from the Invoice Generation Handler component's manipulation of the parameter...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.24 views

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/04/29 3:45 p.m.11 views

CVE-2026-7390

The CVE affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the Customer function of /index.php?page=customer, where manipulating the Name parameter yields cross-site scripting (XSS). Attack surface is remote with a public exploit. No remediation details a...

5.1CVSS3.7AI score0.00195EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/29 3:45 p.m.8 views

EUVD-2026-26253

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

5.1CVSS3.6AI score0.00195EPSS
Exploits0References5
OSV
OSV
added 2026/04/21 4:6 p.m.4 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS6AI score0.00242EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/07 8:37 p.m.2 views

CVE-2026-32712 Open Source Point of Sale has Stored XSS in Customer Name (Sales)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4CVSS6AI score0.00169EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder