23 matches found
CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...
CVE-2025-70091
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Phone Number parameter...
CVE-2025-70091
OpenSourcePOS v3.4.1 contains a cross-site scripting (XSS) vulnerability in the Customers function. The issue arises from unsafely handling input in the Phone Number parameter, enabling arbitrary scripts in the victim’s browser. Root cause: insufficient input sanitization for the Phone Number fie...
CVE-2025-66923
A cross-site scripting (XSS) vulnerability in Create/Update Customers in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phonenumber parameter...
CVE-2025-66923
Open Source Point of Sale (OSPOS) v3.4.1 contains a Cross‑Site Scripting (XSS) vulnerability in the Create/Update Customer(s) flow, exploitable via the phone_number parameter. The issue can lead to arbitrary script/HTML execution in the browser, with CVSSv3.1 base score 7.2 (HIGH) and impact on c...
PT-2025-51848
A cross-site scripting (XSS) vulnerability in Create/Update Customers in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone number parameter...
Open Source Point of Sale Security Vulnerability
Open Source Point of Sale is a web-based point of sale system. A security vulnerability exists in Open Source Point of Sale version 3.4.1, which stems from an unvalidated phonenumber parameter that could lead to a cross-site scripting attack...
EUVD-2025-10320
Malicious code in bioql PyPI...
PHPGurukul Boat Booking System Cross-Site Scripting Vulnerability
PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A cross-site scripting vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from a cross-site scripting flaw in the phonenumber parameter in the book-boat.php?bid=1 page of the Book a Boat...
CVE-2024-7942
A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phonenumber leads to cross site scripting. The attack can be initiated remotely. The exploi...
PT-2024-38754 · Genexis · Genexis Tilgin Home Gateway
Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec...