CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

RedhatCVE•added 2026/04/13 7:22 p.m.•3 views

CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

9.3CVSS5.8AI score0.00502EPSS

Exploits0References1

EUVD•added 2026/04/11 9:30 p.m.•2 views

EUVD-2026-21682

A pre-authenticated reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

9.3CVSS6AI score0.00502EPSS

Exploits0References2

NVD•added 2026/04/11 7:16 p.m.•1 views

CVE-2026-31845

9.3CVSS0.00502EPSS

Exploits0References1

Cvelist•added 2026/04/11 6:26 p.m.•19 views

CVE-2026-31845

9.3CVSS0.00502EPSS

Exploits0References1

ATTACKERKB•added 2026/04/11 6:26 p.m.•1 views

CVE-2026-31845

9.3CVSS5.8AI score0.00502EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/11 6:26 p.m.•1 views

CVE-2026-31845

9.3CVSS5.8AI score0.00502EPSS

Exploits0References1

CVE•added 2026/04/11 6:26 p.m.•11 views

CVE-2026-31845

CVE-2026-31845 describes a reflected XSS in Rukovoditel CRM ≤ 3.6.4 via the Zadarma telephony API endpoint (/api/tel/zadarma.php). The code path uses: if (isset($_GET['zd_echo'])) exit($_GET['zd_echo']); which directly reflects user input from the zd_echo GET parameter into the HTTP response with...

9.3CVSS5.8AI score0.00502EPSS

Exploits0References1

Positive Technologies•added 2026/04/11 12:0 a.m.•3 views

PT-2026-32121

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zd echo' GET parameter into the HTTP response without proper...

9.3CVSS5.8AI score0.00502EPSS

Exploits0References2

CNNVD•added 2026/04/11 12:0 a.m.•4 views

Rukovoditel CRM 安全漏洞

Rukovoditel CRM is a web-based customer relationship and business process management system developed by Rukovoditel company. Versions of Rukovoditel CRM 3.6.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the zdecho parameter in the Zadarma phon...

9.3CVSS5.7AI score0.00502EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-20408

Malicious code in bioql PyPI...

4.7CVSS6.6AI score0.00262EPSS

Exploits1References2

RedhatCVE•added 2025/03/15 8:11 a.m.•8 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component...

4.7CVSS7AI score0.00262EPSS

Exploits1References1

NVD•added 2025/03/13 2:15 p.m.•7 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component...

4.7CVSS0.00262EPSS

Exploits1References1

OSV•added 2025/03/13 2:15 p.m.•1 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component...

4.7CVSS6.1AI score0.00262EPSS

Exploits1References1

Vulnrichment•added 2025/03/13 12:0 a.m.•6 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component...

6.8AI score0.00262EPSS

Exploits1References1

CNNVD•added 2025/03/13 12:0 a.m.•3 views

Zadarma 安全漏洞

Zadarma is a cloud-based VoIP system from Zadarma Inc. A security vulnerability exists in Zadarma version 1.0.11, which stems from a cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary code via specially crafted scripts...

4.7CVSS6.9AI score0.00262EPSS

Exploits1References1

Cvelist•added 2025/03/13 12:0 a.m.•10 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component...

0.00262EPSS

Exploits1References1

CVE•added 2025/03/13 12:0 a.m.•48 views

CVE-2024-22880

CVE-2024-22880 describes a Cross Site Scripting vulnerability in the Zadarma extension version 1.0.11, where a remote attacker can cause the webchat component to execute arbitrary code through a crafted script. The CVSS 3.1 base score is 4.7 (Medium), with network attack vector, high attack compl...

4.7CVSS6.8AI score0.00262EPSS

Exploits1References1Affected Software1

Openbugbounty•added 2017/12/19 3:7 p.m.•16 views

my.zadarma.com XSS vulnerability

Open Bug Bounty ID: OBB-455572 Description| Value ---|--- Affected Website:| my.zadarma.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score

Exploits0