154 matches found
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
PT-2025-40243
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get material requests based on supplier function located at erpnext/stock/doctype/material request/material request.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...
PT-2025-40246
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get rfq containing supplier function located at erpnext/buying/doctype/request for quotation/request for quotation.py is susceptible to SQL Injection. An attacker can inject a SQL query through th...
CVE-2025-52042
CVE-2025-52042 affects Frappe ERPNext 15.57.5. The vulnerable component is the function get_rfq_containing_supplier() in erpnext/buying/doctype/request_for_quotation/request_for_quotation.py, due to lack of validation of the txt parameter against externally entered SQL, enabling SQL Injection to ...
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
CVE-2025-11035
CVE-2025-11035 affects Jinher OA 2.0. The vulnerability originates from an XML External Entity (XXE) reference in the code path related to the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This allows remote abuse without user interaction. The issue is described across ...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...
Medical Store Management System MainPanel.java File SQL Injection Vulnerability
Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...
CVE-2025-8929 code-projects Medical Store Management System MainPanel.java sql injection
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2025-8929
CVE-2025-8929 affects the code-projects Medical Store Management System 1.0. The vulnerability resides in the file MainPanel.java , where the input parameter searchTxt is not properly filtered, leading to a SQL injection . Exploitation can be performed remotely, and the exploit has been disclosed...
Code-Projects Medical Store Management System 注入漏洞
Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...
CVE-2020-9083
HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163C00E160R3P8 have a denial of service DoS vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service...
CVE-2025-3427
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-15380 · WordPress · 3Dprint Lite
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied infill text parameter and lack of sufficient preparation on the existing SQL query, making ...
WordPress plugin Frndzk Expandable Bottom Bar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Frndzk Expandable Bottom Bar plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via text Parameter vulnerability discovered by johska in WordPress Plugin Frndzk Expandable Bottom Bar versions = 1.0...
Exploit for Cross-site Scripting in Squidex.Io Squidex
CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex...
Code-Projects Pharmacy Management System SQL注入漏洞
Code-Projects Pharmacy Management System is a Code-Projects open source pharmacy management system. A SQL injection vulnerability exists in Code-Projects Pharmacy Management System version 1.0, which stems from the parameter text in the file /addnewinvoice.php that can lead to SQL injection...