153 matches found
CVE-2022-48082
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag...
Easyone CRM SQL注入漏洞
Easyone CRM is a customer relationship management system from Easyone. Manage your business relationships and access your data, from sales to marketing, wherever you are, directly from your management. A security vulnerability exists in Easyone CRM version v5.50.02, which stems from a SQL injecti...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting XSS attacks. This can be achieved by injecting malicious input int...
Dovgalyuk AIBattle SQL注入漏洞
AIBattle is a platform for creating AI contests by Pavel Dovgalyuk Personal Developer. Dovgalyuk AIBattle suffers from a SQL injection vulnerability that originates in the function sendComments in the file site/procedures.php, where manipulating the text of the parameter results in SQL injection...
A PyPI for Yola 跨站脚本漏洞
A PyPI for Yola is a simple django application in the Yola open source. A PyPI for Yola suffers from a cross-site scripting vulnerability that stems from incorrect manipulation of the parameter text leading to cross-site scripting...
PT-2022-27153 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the text parameter in the setSmsCfg function. This allows for potential exploitation after authentication has been...
TOTOLINK NR1800X setSmsCfg method text parameter buffer overflow vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...
CVE-2022-41528
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function...
CVE-2022-41528
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function...
TOTOLINK NR1800X 缓冲区错误漏洞
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...
CVE-2022-36258
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...
CVE-2022-36258
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...
CVE-2022-35601
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35601
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35603
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
PT-2022-22917 · Unknown · Sazanrjb Inventorymanagementsystem
Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue in SupplierDAO.java allows attackers to execute arbitrary SQL commands via the searchTxt parameter. This enables unauthorized access and manipulation of databas...
InventoryManagementSystem SQL注入漏洞
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...
CVE-2022-34194
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2022-70103)
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...
CVE-2022-28450
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...