1126505 matches found
CVE-2026-10246
CVE-2026-10246 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability is in the create_medicine_presentation function of the file /ShowForm/create_medicine_presentation/main, where manipulation of the medicine_presentation argument yields cross-site scripting. The issue...
CVE-2026-10246 SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...
EUVD-2026-33620
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...
CVE-2026-10246
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...
CVE-2026-10246 SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...
WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.6...
EUVD-2026-33618
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...
CVE-2026-10245
Technical details about CVE-2026-10245 are not provided in the connected documents. The Initial Description includes exploit info, but no additional technical specifics beyond what is stated. Monitor for updates.
CVE-2026-10245
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...
CVE-2026-10245 SourceCodester Pharmacy Sales and Inventory System main create_supplier cross site scripting
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...
CVE-2026-10245 SourceCodester Pharmacy Sales and Inventory System main create_supplier cross site scripting
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...
bastion-waf-simulator
BASTION — Web Application Firewall Simulator A real-time We...
WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ilay Striechman in WordPress Plugin CformsII versions = 15.1.3...
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
EUVD-2026-33617
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...
CVE-2026-8474
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...
CVE-2026-9024
A Stored Cross-site Scripting XSS vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...
CVE-2026-42253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...