
8 matches found

Cvelist
added 2026/01/20 11:53 a.m., 20 views

CVE-2025-40679 HTML injection in Isshue from Bdtask

HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...

CVSS 5.1, EPSS 0.00262
Exploits: 0, References: 1
CVE
added 2026/01/20 11:53 a.m., 13 views

CVE-2025-40679

CVE-2025-40679 describes an HTML injection in Isshue by Bdtask resulting from insufficient validation of the product_name input in a POST to /category_product_search (or variant paths in connected records). Affected component is the Isshue module of Bdtask software; root cause is improper input v...

CVSS 5.1, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 8 views

PT-2026-1596

Name of the Vulnerable Software and Affected Versions: Stylish Order Form Builder plugin for WordPress versions prior to 1.1. Description: The Stylish Order Form Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escapi...

CVSS 6.4, AI score 6, EPSS 0.00243
Exploits: 0, References: 7
NVD
added 2025/12/28 7:15 p.m., 7 views

CVE-2025-15149

A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument...

CVSS 4.8, EPSS 0.00206
Exploits: 0, References: 4
Snyk
added 2025/10/08 12:31 a.m., 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Commerce Search Result widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's browser by...

CVSS 5.4, AI score 5.4, EPSS 0.00205
Exploits: 0, References: 2
OSV
added 2023/04/05 8:15 a.m., 3 views

CVE-2023-1857

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manageproduct&id=2. The manipulation of the argument Product Name leads to cross site scripting. Th...

CVSS 6.1, AI score 3.8, EPSS 0.00611
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 5:25 a.m., 4 views

SUSE CVE-2014-8630

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...

CVSS 6.5, AI score 7.3, EPSS 0.0204
Exploits: 0, References: 3
OSV
added 2023/02/07 11:15 p.m., 3 views

CVE-2023-23026

Cross-site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0 allows attackers to execute arbitrary code via the productname and productprice inputs in file print.php...

CVSS 6.1, AI score 6.5, EPSS 0.00534
Exploits: 1, References: 1