Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 8:5 p.m.5 views

CVE-2026-34366 InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/31 8:5 p.m.23 views

CVE-2026-34366 InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS0.00245EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 7:44 p.m.5 views

CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:44 p.m.5 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29342

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/30 3:32 p.m.7 views

EUVD-2026-17095

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/13 1:31 a.m.10 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

9CVSS5.6AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/02/12 4:16 p.m.8 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

9CVSS0.00142EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/12 4:16 p.m.6 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

9CVSS5.9AI score0.00142EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.12 views

Dolibarr ERP & CRM 安全漏洞

Dolibarr ERP & CRM is an enterprise management software developed under the open-source license of Dolibarr. Version 22.0.9 of Dolibarr ERP & CRM contains a security vulnerability. This vulnerability stems from the notes field in the perms.php file, where cross-site request forgery attacks may...

9CVSS5.7AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7852

Name of the Vulnerable Software and Affected Versions Dolibarr ERP & CRM version 22.0.9 Description A Cross Site Request Forgery issue exists in Dolibarr ERP & CRM version 22.0.9. A remote attacker may be able to escalate privileges through the notes field in the perms.php file. It is noted that...

9CVSS5.4AI score0.00142EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.4 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php...

9CVSS5.6AI score0.00142EPSS
Exploits0References3
CVE
CVE
added 2026/02/12 12:0 a.m.10 views

CVE-2025-69634

Dolibarr ERP & CRM 22.0.9 is affected by a Cross Site Request Forgery vulnerability that could allow a remote attacker to escalate privileges via the notes field in perms.php. The issue is described across multiple sources (NVD/NVD-derived entries, Red Hat, UBUNTU, OSV, vulnerability enrichments)...

9CVSS5.6AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/12 12:0 a.m.40 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47855

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

7.2CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/21 5:27 p.m.3 views

CVE-2021-47855 Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 5:27 p.m.10 views

CVE-2021-47855

Openlitespeed 1.7.9 is affected by CVE-2021-47855, a stored cross-site scripting vulnerability in the dashboard Notes parameter. The issue allows an attacker to craft a payload in the Notes field during listener configuration that will execute when an administrator clicks the Default Icon, enabli...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.9 views

CVE-2021-33231

Cross Site Scripting XSS vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field...

5.4CVSS6.3AI score0.00535EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.12 views

CVE-2025-63640

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting XSS in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...

6.1CVSS6.3AI score0.0022EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/07 9:31 p.m.4 views

EUVD-2025-38300

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting XSS in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...

5.8AI score0.0022EPSS
Exploits1References3
Rows per page
Query Builder