33 matches found
CVE-2022-35601
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35601
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35603
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
PT-2022-22917 · Unknown · Sazanrjb Inventorymanagementsystem
Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue in SupplierDAO.java allows attackers to execute arbitrary SQL commands via the searchTxt parameter. This enables unauthorized access and manipulation of databas...
InventoryManagementSystem SQL注入漏洞
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...
CVE-2020-36412
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
CVE-2020-36412
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
CMS Made Simple 跨站脚本漏洞
CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
CVE-2019-9207
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued...
OLX: XSS on Home page olx.com.ar via auto save search text
Hi guys, I found XSS vulnerability on Home page olx.com.ar via auto save search text 1. Copy full link and go to the URL in browser: https://www.olx.com.ar/nf/search/xss%22-'%20%22%3E%3Ciframe/src%20////onload%20=%20alertdocument.cookie%20onerror=alertdocument.cookie 2. Click logo button go back ...
Multiple Cross-Site Scripting Vulnerabilities in ZOHO ManageEngine ADManager Plus
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
PT-2008-2890 · Zoho · Manageengine Servicedesk Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ServiceDesk Plus version 7.0.0 Build 7011 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the searchText parameter in the...
Speedwiki 2.0 Arbitrary File Upload Vulnerability
product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get :...