
31 matches found

EUVD
added 2026/04/20 6:31 p.m. | 1 view

EUVD-2026-23877

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

4.8 CVSS | 4 AI score | 0.00033 EPSS
Exploits: 0 | References: 5

NVD
added 2026/04/20 4:16 p.m. | 0 views

CVE-2026-6651

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

4.8 CVSS | 0.00033 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/04/20 12:0 a.m. | 6 views

ERP Online security vulnerability

ERP Online is an enterprise management system developed by ERP Online Company. Versions of ERP Online 4.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of parameters named “Item Name” in the “Inventory Edit Item Page” component, which cou...

4.8 CVSS | 5.6 AI score | 0.00033 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/22 1:18 p.m. | 3 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8 CVSS | 6.3 AI score | 0.00132 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/02/22 1:18 p.m. | 23 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8 CVSS | 0.00132 EPSS
Exploits: 0 | References: 2

NVD
added 2025/11/16 3:15 a.m. | 4 views

CVE-2025-13233

A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to...

9.8 CVSS | 0.00028 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/10/07 6:9 a.m. | 4 views

CVE-2025-11279

A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be...

6.5 CVSS | 6.8 AI score | 0.00034 EPSS
Exploits: 0 | References: 1

NVD
added 2025/10/05 3:15 a.m. | 4 views

CVE-2025-11279

A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be...

6.5 CVSS | 0.00034 EPSS
Exploits: 0 | References: 4

CVE
added 2025/10/05 3:2 a.m. | 9 views

CVE-2025-11279

The CVE-2025-11279 entry concerns Axosoft Scrum and Bug Tracking 22.1.1.11545. The vulnerability affects the Add Work Item Page, where manipulation of the Title argument leads to a CSV injection. It is a network-accessible issue with low privileges and low impact on confidentiality, integrity, an...

6.5 CVSS | 6.6 AI score | 0.00034 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/10/05 12:0 a.m. | 3 views

Axosoft Scrum and Bug Tracking security vulnerability

Axosoft Scrum and Bug Tracking is an Agile project management and defect tracking software from Axosoft Corporation, USA. A security vulnerability exists in Axosoft Scrum and Bug Tracking version 22.1.1.11545, which stems from an incorrect manipulation of the parameter Title in the Add Work Item...

6.5 CVSS | 5.6 AI score | 0.00034 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16229

Malicious code in bioql PyPI...

6.1 CVSS | 4.8 AI score | 0.00203 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-4577

Malicious code in bioql PyPI...

5.4 CVSS | 5.4 AI score | 0.00319 EPSS
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/26 10:25 p.m. | 12 views

CVE-2025-5134

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

6.1 CVSS | 6.1 AI score | 0.00203 EPSS
Exploits: 1 | References: 1

NVD
added 2025/05/24 10:15 p.m. | 6 views

CVE-2025-5134

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

6.1 CVSS | 0.00203 EPSS
Exploits: 1 | References: 4

OSV
added 2025/05/24 10:15 p.m. | 1 view

CVE-2025-5134

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

6.1 CVSS | 3.5 AI score
Exploits: 0 | References: 4

CVE
added 2025/05/24 10:0 p.m. | 44 views

CVE-2025-5134

CVE-2025-5134 affects Tmall Demo up to 20250505, specifically the Buy Item Page’s Detailed Address parameter, enabling cross-site scripting. Exploitable remotely; exploit disclosed publicly. No version details or patch information provided in the sources; some reports suggest restricting the Deta...

6.1 CVSS | 6.1 AI score | 0.00203 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/05/24 10:0 p.m. | 9 views

CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

5.1 CVSS | 0.00203 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/05/24 10:0 p.m. | 8 views

CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

5.1 CVSS | 3.6 AI score | 0.00203 EPSS
Exploits: 1 | References: 4

CNNVD
added 2024/08/22 12:0 a.m. | 0 views

SourceCodester E-Commerce System security vulnerability

SourceCodester E-Commerce System is an e-commerce system from SourceCodester Inc. A security vulnerability exists in the SourceCodester E-Commerce System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the /ecommerce/popupItem.php page...

9.8 CVSS | 7 AI score | 0.00072 EPSS
Exploits: 1 | References: 6

OSV
added 2024/01/11 7:15 p.m. | 2 views

CVE-2024-0422

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /newitem of the component New Item Creation Page. The manipulation of the argument newitem leads to cross sit...

5.4 CVSS | 3.5 AI score
Exploits: 0 | References: 3