8 matches found
CVE-2025-40679 HTML injection in Isshue from Bdtask
HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...
CVE-2025-40679
CVE-2025-40679 describes an HTML injection in Isshue by Bdtask resulting from insufficient validation of the product_name input in a POST to /category_product_search (or variant paths in connected records). Affected component is the Isshue module of Bdtask software; root cause is improper input v...
PT-2026-1596
Name of the Vulnerable Software and Affected Versions: Stylish Order Form Builder plugin for WordPress versions prior to 1.1. Description: The Stylish Order Form Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escapi...
CVE-2025-15149
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Commerce Search Result widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's browser by...
CVE-2023-1857
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manageproduct&id=2. The manipulation of the argument Product Name leads to cross site scripting. Th...
SUSE CVE-2014-8630
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...
CVE-2023-23026
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the productname and productprice inputs in file print.php...