11 matches found
CVE-2026-8253
Devs Palace ERP Online (up to v4.0.0) contains an XSS vulnerability in the /inventory/purchase_save functionality. The issue arises from manipulation of an unknown component, allowing remote initiation of an attack. Exploit appears to be public. Vendor has not responded to disclosures. No remedia...
CVE-2026-3070
A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29211)
"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504424; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29211";...
CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting
A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...
CVE-2025-9922
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has bee...
PT-2025-33743 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security issue exists in Scada-LTS 2.7.8.1 related to the processing of the view edit.shtm file within the SVG File Handler component. Manipulation of the backgroundImageMP argument can lead to...
PT-2024-16850 · Ibphoenix · Ibphoenix Ibwebadmin
Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2 Description: A vulnerability was found in IBPhoenix ibWebAdmin, affecting some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db log...
CVE-2024-10747
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdatath.php. The manipulation of the argument scripts leads to cross site scripting. The...
CVE-2023-2425
A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=savecourse of the component Add New Course. The manipulation of the argument name with the input...
PT-2023-15895 · Unknown · Capsadmin Pac3
Name of the Vulnerable Software and Affected Versions: CapsAdmin PAC3 affected versions not specified Description: A problematic issue was found in CapsAdmin PAC3, affecting some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the url argument leads to...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. The vulnerability in Microsoft Dynamics with the attribute CVE-2020-16943 allows a malicious person to access sensitive data. The vulnerabilities with the attributes CVE-2020-16956 and CVE-2020-16978 enable a remote maliciou...