15 matches found
CVE-2020-37022
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
CVE-2020-37022 OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
EUVD-2020-30958
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
CVE-2020-37022
CVE-2020-37022 refers to OpenZ ERP 3.6.60 with a persistent cross-site scripting vulnerability in the Employee module’s name and description fields. Attacks can inject scripts via POST flows that target these parameters, enabling session hijacking and manipulation of application modules. The conn...
OpenZ Cross-Site Script Vulnerabilities
OpenZ is an enterprise resource planning system developed by the German company OpenZ. Version 3.6.60 of OpenZ contains a cross-site scripting vulnerability. This vulnerability stems from improper sanitization of parameters related to the name and description of the Employee module, which may lead to...
PT-2026-5417
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting
A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...
EUVD-2020-21341
Malware in sbrugna...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
Improper Authorization in salesagility/suitecrm
Description: In SuiteCRM v7.12.4, affecting the Employee Module, any user with the User Type set to Regular User could export employee records via the /index.php?entryPoint=export endpoint. The prerequisite for this attack is knowing the user record ID, which can be obtained in the employees' section. The...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
Sugarcrm SugarCRM Cross-Site Scripting Vulnerability
SugarCRM is a set of open source customer relationship management software. A cross-site scripting vulnerability exists in the Create Employee module of SugarCRM version 6.5.18. The vulnerability can be exploited to execute arbitrary web script or HTML via the "First Name" or "Last Name" input...
SugarCRM v6.5.18 - Employee Persistent XSS Vulnerability
Document Title: SugarCRM v6.5.18 - Employee Persistent XSS Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2257 | Release Date: 2020-11-13 | Vulnerability Laboratory ID (VL-ID): ...
OpenZ ERP 3.6.60 Cross Site Scripting
Document Title: OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2234 | Release Date: 2020-05-06 | Vulnerability Laboratory ID (VL-ID): ...