Lucene search
+L

55 matches found

Cvelist
Cvelist
added 2025/09/29 8:43 a.m.10 views

CVE-2025-10346 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

5.3CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 8:39 a.m.12 views

CVE-2025-10343 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...

5.3CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 8:38 a.m.14 views

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

5.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 8:36 a.m.3 views

CVE-2025-10341 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

5.3CVSS6.7AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 8:36 a.m.25 views

CVE-2025-10341

Summary: CVE-2025-10341 affects Perfex CRM v3.2.1 with a stored HTML injection vulnerability in the /clients/client/x endpoint. The issue arises from insufficient validation of the POST parameter “company,” enabling stored HTML injection. Affected software: Perfex CRM 3.2.1 (web application). Vul...

6.1CVSS6.7AI score0.00221EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.5 views

Perfex CRM 跨站脚本漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.7 views

PT-2025-39819

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description A stored HTML injection issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request with malicious content in the subject parameter to the ''/knoewled...

6.1CVSS6.8AI score0.00181EPSS
Exploits0References5
NVD
NVD
added 2025/08/05 7:15 a.m.6 views

CVE-2025-8313

The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00239EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/01/02 10:43 p.m.18 views

phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

7.6CVSS6.2AI score0.00403EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2024/10/02 6:15 a.m.6 views

CVE-2024-9174

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

5.4CVSS5.8AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2023/04/12 2:15 p.m.3 views

CVE-2023-27775

A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload...

5.4CVSS6.2AI score0.00521EPSS
Exploits1References3
Huntr
Huntr
added 2023/01/27 11:39 p.m.27 views

Dropdown Menu Manipulation leads to stored HTML Injection

Hello In the Cronjob we can change the Interval Time the Dropdown Menu "minutes" to a stored HTML Injection. The Vulnerabilities are 2: 1. First thing the Dropdown Menu should be fixed and nobody can alter or change anything which we will do 2. Second we can implement a stored HTML Injection with...

4.3CVSS5.8AI score0.00439EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.694 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for...

4.8CVSS0.1AI score0.00625EPSS
Exploits2
NVD
NVD
added 2019/07/03 8:15 p.m.27 views

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...

6.1CVSS6.8AI score0.00793EPSS
Exploits0References1
Prion
Prion
added 2019/07/03 8:15 p.m.18 views

Design/Logic Flaw

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...

4.3CVSS6.3AI score0.00793EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder