Lucene search

17 matches found

OSV
added 2026/02/12 11:16 p.m. · 6 views

CVE-2025-70092

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...

5.5 CVSS · 5.6 AI score · 0.00017 EPSS
Exploits: 1 · References: 1

NVD
added 2026/02/12 11:16 p.m. · 5 views

CVE-2025-70092

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...

5.5 CVSS · 0.00017 EPSS
Exploits: 1 · References: 1

Cvelist
added 2026/02/12 12:0 a.m. · 22 views

CVE-2025-70092

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...

0.00017 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/12/10 12:0 a.m. · 2 views

Simple Shopping Cart additems.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter itemname in the file /Admin/additems.php against externally entered SQL statements. An attacker can exploit this...

9.8 CVSS · 7 AI score · 0.00027 EPSS
Exploits: 1 · References: 1

OSV
added 2025/12/08 2:16 p.m. · 1 view

CVE-2025-14247

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

9.8 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits: 1 · References: 5

OSV
added 2024/01/07 12:15 p.m. · 2 views

CVE-2024-0274

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument itemname leads to sql injection. The attack can be launched remotely. Th...

6.5 CVSS · 5.7 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2024/01/07 12:0 a.m. · 2 views

PT-2024-15434 · Unknown · Kashipara Food Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System versions up to 1.0 Description: A critical issue has been found in the Kashipara Food Management System, affecting an unknown functionality of the file billAjax.php. The manipulation of the item name argument...

6.5 CVSS · 8.1 AI score · 0.00046 EPSS
Exploits: 1 · References: 7

CNNVD
added 2024/01/07 12:0 a.m. · 2 views

Kashipara Food Management System SQL Injection Vulnerability

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the itemname parameter of the billAjax.php file against external SQL input, and can be...

6.5 CVSS · 8.2 AI score · 0.00046 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/01/07 12:0 a.m. · 2 views

Kashipara Food Management System SQL Injection Vulnerability

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by a lack of validation of the itemname parameter of the itemlistsubmit.php file against externally-entered SQL...

6.5 CVSS · 8.2 AI score · 0.00046 EPSS
Exploits: 1 · References: 4

OSV
added 2023/12/13 9:15 p.m. · 3 views

CVE-2023-6775

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/itemcon. The manipulation of the argument itemname leads to cross site scripting. It is possible to initiate the attack remotely. T...

6.1 CVSS · 3.8 AI score
Exploits: 0 · References: 3

CNNVD
added 2023/12/13 12:0 a.m. · 1 view

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in CodeAstro POS and Inventory Management System version 1.0, which stems from an unknown section in /item/itemcon, leading to cross-site scripting via the...

6.1 CVSS · 6.2 AI score · 0.00194 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/12/13 12:0 a.m. · 3 views

PT-2023-32774 · Unknown · Codeastro Pos/Inventory Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro POS and Inventory Management System version 1.0 Description: A vulnerability was found in the CodeAstro POS and Inventory Management System, which has been classified as problematic. This issue affects an unknown part of the file...

6.1 CVSS · 4.3 AI score · 0.00194 EPSS
Exploits: 1 · References: 7

OSV
added 2023/05/14 9:15 a.m. · 1 view

CVE-2023-2691

A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/additem.php of the component POST Parameter Handler. The manipulation of the argument itemname leads to cross site scripting...

5.4 CVSS · 4 AI score · 0.00269 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/14 12:0 a.m. · 1 view

PT-2023-20842 · Sourcecodester · Sourcecodester Personnel Property Equipment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Personnel Property Equipment System. The issue affects an unknown function of the file admin/add item.php,...

5.4 CVSS · 4.3 AI score · 0.00269 EPSS
Exploits: 1 · References: 6

CNNVD
added 2023/05/14 12:0 a.m. · 2 views

SourceCodester Personnel Property Equipment System Cross-Site Scripting Vulnerability

Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo personal developer. A cross-site scripting vulnerability exists in Personnel Property Equipment System v1.0, which stems from the lack of effective filtering and escaping of user-supplie...

5.4 CVSS · 6 AI score · 0.00269 EPSS
Exploits: 1 · References: 5

ATTACKERKB
added 2022/04/16 12:15 p.m. · 2 views

CVE-2022-1380

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stealing the user cookie...

9.1 CVSS · 6.8 AI score · 0.00249 EPSS
Exploits: 1 · References: 3

Huntr
added 2022/04/11 3:24 p.m. · 17 views

Stored Cross Site Scripting vulnerability in Item name parameter

Description: Stored cross-site scripting vulnerability in the Item name parameter in the Asset module. Add a payload in the item name, and whenever the user adds the item to his requested asset, the alert will trigger. Proof of Concept: 1. Log in to the demo account 2. Go to Asset functionality, add or edit an...

3.5 CVSS · 1.2 AI score · 0.00249 EPSS
Exploits: 1