CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
CVE-2019-25312 InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
CVE-2019-25312
CVE-2019-25312 affects InoERP 0.7.2, introducing a persistent cross-site scripting (XSS) vulnerability in the comment section. The issue allows unauthenticated attackers to submit comments containing JavaScript payloads that execute in other users’ browsers, with potential cookie and session info...
inoERP Cross-Site Scripting Vulnerability
inoERP is an open-source enterprise management system developed by Nishit as a personal project. Version 0.7.2 of inoERP contains a cross-site scripting vulnerability. This vulnerability stems from the comment section, where stored cross-site scripts may allow unverified attackers to inject...
EUVD-2019-7392
Malware in sbrugna...
EUVD-2020-21261
Malware in sbrugna...
CVE-2020-28870
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
inoERP download.php Insecure Deserialization (CVE-2019-16894)
An Insecure Deserialization vulnerability exists in Inoideas inoERP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
InoERP Remote Code Execution (CVE-2020-28870)
A remote code execution vulnerability exists in InoERP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Code injection
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php...
CVE-2020-28870
CVE-2020-28870 affects InoERP 0.7.2, where lack of validations in /modules/sys/form_personalization/json_fp.php enables an unauthorized attacker to execute arbitrary server-side code. Multiple sources (NVD, Red Hat advisory, other vendor trackers) document remote code execution potential with hig...
inoERP Input Validation Error Vulnerability
inoERP is an open source PHP-based enterprise management system. An input validation error vulnerability exists in InoERP that arises from a network system or product that does not properly validate input data...
inoERP form personalization module command execution
Added: 10/28/2020. Background: inoERP is an open source web based enterprise management system. Problem: A vulnerability in the form_personalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution: No fix is available at...