9 matches found
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...
CVE-2019-25405
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...
PT-2026-20808
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...
Code-Projects Traffic Offense Reporting System Code Injection Vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System has a cross-site scripting vulnerability that originates from the parameter offenseid/vehicleno/driverlicense/name/address/gender/officer in the file /save-reported.php. The lack of effectiv...
CVE-2025-46545
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires...
PT-2024-13741 · Unknown · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: YetiForceCRM versions 6.4.0 and before Description: A Directory Traversal issue allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. Recommendations: For version...
YetiForceCRM Security Vulnerability
YetiForceCRM is an open source CRM system from the Polish company YetiForce. A security vulnerability exists in YetiForce YetiForceCRM 6.4.0 and earlier versions, which originates from a vulnerability that allows an authenticated, remote attacker to obtain sensitive information via the license...
CVE-2021-43329
A SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter...
PT-2018-13099 · Reprise · Reprise License Manager
Name of the Vulnerable Software and Affected Versions: Reprise License Manager RLM versions through 12.2BL2 Description: The issue is related to a cross-site scripting vulnerability in the license editor. It affects the "/goform/edit_lf_get_data" endpoint, specifically the lf parameter, which can...