23 matches found
CVE-2026-25594
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The family_name value is rendered without HTML encoding inside the family dropdown on the...
CVE-2026-25594 InvoicePlane has Stored XSS via Family Name in Product Form
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The family_name value is rendered without HTML encoding inside the family dropdown on the...
CVE-2026-25594
InvoicePlane 1.7.0 is affected by a Stored Cross-Site Scripting (XSS) in the Family Name field. The family_name value is rendered unencoded in the product form’s dropdown, enabling an attacker with the ability to create a family using a malicious name to execute script in an administrator’s brows...
InvoicePlane Cross-Site Scripting Vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from the Family Name field not bei...
PT-2026-20550
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to 1.7.1. Description: InvoicePlane is a self-hosted open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists in the family name field in version 1.7.0...
CVE-2024-36647
A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page...
CVE-2024-36647
Church CRM v5.8.0 is affected by a stored XSS vulnerability where a crafted payload in the Family Name field on the Register a New Family page can execute arbitrary web scripts/HTML. The CVE-2024-36647 entry aligns with multiple sources (NVD, OSV, CVE records) describing a stored XSS with impact ...
PT-2024-27105
Name of the Vulnerable Software and Affected Versions: Church CRM version 5.8.0. Description: A stored cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v5.8.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Family Name parameter under the Register a New...
August 26, 2021—KB5005102 (OS Build 17763.2145) Preview
August 26, 2021—KB5005102 (OS Build 17763.2145) Preview. 6/15/21 IMPORTANT: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the Update on Adobe Flash Player End of Support. 11/17/20 For information about Windows...
Synology CardDAV Server Cross-Site Scripting Vulnerability
Synology CardDAV Server is a Synology application for synchronizing address books, and Address Book Editor is one of the address book editors. A cross-site scripting vulnerability exists in Address Book Editor in Synology CardDAV Server versions prior to 6.0.8-0086. The vulnerability can be...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) familyname, (2) givenname, or (3) additionalname parameter...
CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) familyname, (2) givenname, or (3) additionalname parameter...
Firefox browser vulnerability that allows an attacker to trigger a service failure or cause other effects
A vulnerability in the DirectWriteFontInfo::LoadFontFamilyData function (gfx/thebes/gfxDWriteFontList.cpp) in the Firefox browser is caused by a buffer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially have other unspecified effects throu...