
18 matches found

NVD
added 2026/04/13 4:16 p.m. | 2 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

5.4 CVSS | 0.00287 EPSS
Exploits 1 | References 4
Positive Technologies
added 2026/04/13 12:0 a.m. | 4 views

PT-2026-32381

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

5.9 AI score | 0.00287 EPSS
Exploits 1 | References 5
ATTACKERKB
added 2026/04/13 12:0 a.m. | 3 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

5.9 AI score | 0.00287 EPSS
Exploits 1 | References 5
CNNVD
added 2026/04/13 12:0 a.m. | 6 views

Snipe-IT Security Vulnerability

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT from v8.3.0 to v8.3.1 contain security vulnerabilities. These vulnerabilities stem from insufficient input validation for the Name and Surname fields, which may lead to cross-site...

5.4 CVSS | 5.6 AI score | 0.00287 EPSS
Exploits 1 | References 5
Snyk
added 2026/04/01 10:9 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the backend user management process. An attacker can execute arbitrary JavaScript code in the context of authenticated backend users by injecti...

9.9 CVSS | 6 AI score | 0.00393 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2026/02/11 9:5 a.m. | 4 views

CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

5.1 CVSS | 5.7 AI score | 0.00227 EPSS
Exploits 0 | References 5 | Affected Software 1
ATTACKERKB
added 2026/02/11 9:5 a.m. | 5 views

CVE-2025-13648

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

4.8 CVSS | 5.7 AI score | 0.00227 EPSS
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2026/02/11 9:5 a.m. | 4 views

CVE-2025-13648 STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

4.8 CVSS | 5.7 AI score | 0.00227 EPSS
Exploits 0 | References 4
Cvelist
added 2026/02/11 9:5 a.m. | 23 views

CVE-2025-13648 STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

4.8 CVSS | 0.00227 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/01/21 12:30 a.m. | 12 views

CVE-2025-67263

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

6.1 CVSS | 5.2 AI score | 0.00168 EPSS
Exploits 2 | References 1
NVD
added 2026/01/20 6:16 p.m. | 6 views

CVE-2025-67263

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

6.1 CVSS | 0.00168 EPSS
Exploits 2 | References 2
OSV
added 2026/01/20 6:16 p.m. | 4 views

CVE-2025-67263

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

6.1 CVSS | 5.7 AI score
Exploits 0 | References 2
Vulnrichment
added 2026/01/20 12:0 a.m. | 5 views

CVE-2025-67263

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

5.2 AI score | 0.00168 EPSS
Exploits 2 | References 2
CVE
added 2026/01/20 12:0 a.m. | 21 views

CVE-2025-67263

CVE-2025-67263 affects Abacre Retail Point of Sale 14.0.0.396 in the Clients module. The vulnerability is a stored XSS caused by failing to properly sanitize user-supplied input in the Name and Surname fields, which is persisted in the database. An attacker can inject HTML or script content that ...

6.1 CVSS | 5.2 AI score | 0.00168 EPSS
Exploits 2 | References 2 | Affected Software 1
CNVD
added 2025/07/04 12:0 a.m. | 2 views

WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17299)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Nome/Sobrenome in the file /html/atendido/CadastroAtendido.php, no details of the...

5.1 CVSS | 6.3 AI score | 0.0031 EPSS
Exploits 1 | References 1
Positive Technologies
added 2023/05/03 12:0 a.m. | 7 views

PT-2023-22439 · Unknown +1 · Hoteldruid +1

Name of the Vulnerable Software and Affected Versions: Hotel Druid version 3.0.4. Description: A Stored Cross Site Scripting (XSS) issue exists in multiple pages, allowing arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. Recommendations...

5.4 CVSS | 6.1 AI score | 0.00663 EPSS
Exploits 1 | References 12
Packet Storm
added 2022/07/29 12:0 a.m. | 248 views

Crime Reporting System 1.0 Cross Site Scripting

Exploit Title: Crime reporting system - Stored cross-site scripting (XSS)
Date: 29/07/2022
Exploit Author: Eslam Reda
Vendor Homepage: https://sourcecodehero.com/crime-reporting-system-project-in-php-with-source-code/
Software Link:...

7.4 AI score
Exploits 0
Snyk
added 2022/05/24 5:38 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the username, lastname, or surname fields in user profiles. A user can insert a malicious payload in their own calendar, which may be reflected and executed when accessed by other users' calendars. This is a...

6.1 CVSS | 5.3 AI score | 0.00941 EPSS
Exploits 0 | References 2