21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-45816

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00356
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2021-32178

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00946
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/22 11:59 p.m. · 4 views

CVE-2022-42753

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

CVSS 6.1 · AI score 6.1 · EPSS 0.00356
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:53 p.m. · 3 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 8.8 · AI score 7.8 · EPSS 0.00946
Exploits: 1

OSV
added 2022/11/03 6:15 p.m. · 1 view

CVE-2022-42753

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2

NVD
added 2022/11/03 6:15 p.m. · 7 views

CVE-2022-42753

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

CVSS 6.1 · EPSS 0.00356
Exploits: 1 · References: 2

Prion
added 2022/11/03 6:15 p.m. · 9 views

Cross site scripting

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

CVSS 5.8 · AI score 6 · EPSS 0.00356
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/11/03 12:0 a.m. · 1 view

PT-2022-26543 · Salonerp · Salonerp

Name of the Vulnerable Software and Affected Versions: SalonERP version 3.0.2 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. Recommendations: Fo...

CVSS 6.1 · AI score 6 · EPSS 0.00356
Exploits: 1 · References: 7

CNNVD
added 2022/11/03 12:0 a.m. · 1 view

SalonERP Cross-Site Scripting Vulnerability

SalonERP is a salon management software by Thomas Sparber, a personal developer. A security vulnerability exists in SalonERP version 3.0.2 that stems from not properly validating page parameters. An attacker could use this vulnerability to steal an arbitrary user's cookie...

CVSS 6.1 · AI score 6.4 · EPSS 0.00356
Exploits: 1 · References: 3

Cvelist
added 2022/11/03 12:0 a.m. · 11 views

CVE-2022-42753

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

AI score 6.2 · EPSS 0.00356
Exploits: 1 · References: 2

CVE
added 2022/11/03 12:0 a.m. · 47 views

CVE-2022-42753

SalonERP 3.0.2 is vulnerable to an external attacker stealing arbitrary users’ cookies due to improper validation of the page parameter against XSS. The root cause is inadequate input validation that allows cookie theft through XSS-like manipulation. Impact is confidentiality (cookie leakage) wit...

CVSS 6.1 · AI score 6 · EPSS 0.00356
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/11/03 12:0 a.m. · 4 views

CVE-2022-42753

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

AI score 6.1 · EPSS 0.00356
Exploits: 1 · References: 2

NVD
added 2022/01/14 8:15 p.m. · 8 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 8.8 · EPSS 0.00946
Exploits: 1 · References: 3

OSV
added 2022/01/14 8:15 p.m. · 1 view

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 3

Prion
added 2022/01/14 8:15 p.m. · 9 views

Sql injection

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 6.5 · AI score 8.8 · EPSS 0.00946
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2022/01/14 7:25 p.m. · 35 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payloads via the 'sql' parameter during report generation. This can lead to exposure of the admin password hash, which reportedly can be decrypted to obtain the plaintext password. No explicit fix is provided in the sup...

CVSS 8.8 · AI score 8.8 · EPSS 0.00946
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/01/14 7:25 p.m. · 9 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

AI score 9.1 · EPSS 0.00946
Exploits: 1 · References: 3

CNNVD
added 2022/01/14 12:0 a.m. · 2 views

SalonErp SQL Injection Vulnerability

SalonErp is a salon management software by Thomas Sparber Personal Developer. A SQL injection vulnerability exists in SalonERP 3.0.1. The vulnerability allows an attacker to inject payloads using sql parameters in SQL queries when generating reports. After successfully discovering the login...

CVSS 8.8 · AI score 8.2 · EPSS 0.00946
Exploits: 1 · References: 4

0day.today
added 2022/01/13 12:0 a.m. · 245 views

SalonERP 3.0.1 - (sql) SQL Injection Vulnerability

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

AI score 0.1
Exploits: 0

Packet Storm
added 2022/01/13 12:0 a.m. · 307 views

SalonERP 3.0.1 SQL Injection

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

Exploits: 0