PT-2026-45392

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create medicine presentation of the file /ShowForm/create medicine presentation/main. The manipulation of the argument medicine presentation leads to cross site scripting. The attac...

PT-2026-45369

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ Web versions prior to 5.19.7 Apache ActiveMQ Web versions 6.0.0 through 6.2.5 Description An improper neutralization of input during web page...

PT-2026-45439

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...

PT-2026-45272

A vulnerability was found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission form check.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

PT-2026-45554

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability stems from improper...

sendportal code injection vulnerability

SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the content parameter by the Campaign Handler component in the /webview/ file, which...

PT-2026-45278

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

SOPlanning Cross-Site Scripting Vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the taches parameter, which was vulnerable to reflection-type cross-site scripting attacks...

PT-2026-45391

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create supplier of the file /ShowForm/create supplier/main. Executing a manipulation of the argument company name can lead to cross site scripting. The attack can be launched...

PT-2026-45436

Name of the Vulnerable Software and Affected Versions e4jvikwp VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Improper neutralization of input during web page generation allows DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side scripts...

SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability stems from improper...

Kiteworks cross-site scripting vulnerabilities

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripting, which could allow external attackers...

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...

py-xss-scanner

Python Reflected XSS Scanner A command-l...

[SECURITY] [DSA 6312-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6312-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 31, 2026 https://www.debian.org/security/faq -...

OPENSUSE-SU-2026:20852-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...

CVE-2026-10173

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

EUVD-2026-33493

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

CVE-2026-10173

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...