20 matches found
EUVD-2023-43354
Malicious code in bioql PyPI...
EUVD-2022-3210
Malicious code in bioql PyPI...
CVE-2025-57204
Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted to the product-creation endpoint via a standa...
Linux Distros Unpatched Vulnerability : CVE-2024-55228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted...
CVE-2024-55228
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-39647
Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions...
GHSA-X2J8-VJG7-386R Dolibarr Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
Dolibarr Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
UBUNTU-CVE-2024-55228
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
PT-2025-3106 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 21.0.0-beta. Description: A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This issue...
Dolibarr Security Vulnerability
Dolibarr is an open source application from Dolibarr that helps organizations manage their activities. A security vulnerability exists in Dolibarr v21.0.0-beta, which stems from the Product module being vulnerable to cross-site scripting, where an attacker can execute arbitrary web...
CVE-2024-55228
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-39647
Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. PrestaShop suffers from an SQL injection vulnerability that originates from improper neutralization of SQL parameters ...
GHSA-8PFQ-G48P-X7W8 Magento Insecure Direct Object Reference (IDOR) in the product module
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources...
Magento Insecure Direct Object Reference (IDOR) in the product module
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources...
Cross-site Scripting (XSS) - Stored in s-cart/s-cart
Description Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept Product version: S-Cart Version 6.8.3 core 6.8.10 , https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description Stored XSS via File upload with format .xml in Product module. When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary JavaScript code that was injected into attachment before. Proof of Concept alertdocument.domain;...
File Inclusion Vulnerability in PHPSCUP
PHPSCUP is a system designed for simplicity and ease of use, with a built-in business profile module, news module, product module, talent module, online message module and so on. PHPSCUP contains a file inclusion vulnerability that can be exploited by attackers to obtain server control...
PT-2021-2949 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue is related to an insecure direct object reference (IDOR) in the product module, which could lead to unauthorized...