CVE
CVE-PENDING: Bdtask Multi-Store Inventory Management System 1...
PT-2026-31429
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the survey accounts module if a user...
EUVD-2021-30239
Malicious code in bioql PyPI...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and the EMUI account module are...
BIT-SUITECRM-2021-25960 SuiteCRM - CSV Injection in Accounts Module
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
Huawei HarmonyOS and EMUI Denial of Service Vulnerability (CNVD-2024-14983)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
Huawei EMUI Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
Cross site scripting
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus is affected by CVE-2021-43295: versions prior to 11016 are vulnerable to Reflected XSS in the Accounts module. The vulnerability is caused by improper handling of user-supplied input, enabling an attacker to inject scripts that could be reflected and executed ...
CVE-2021-25960
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
Input validation
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
CVE-2021-25960 SuiteCRM - CSV Injection in Accounts Module
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
PT-2021-16884 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.10.29 through 7.10.31; SuiteCRM versions 7.11.18 through 7.11.19. Description: The issue concerns a CSV Injection vulnerability, also known as Formula Injection, which allows a low-privileged attacker to inject payloads into...
SuiteCRM CSV Injection Vulnerability
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
SuiteCRM Security Vulnerability
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
PT-2020-14342 · Salesagility · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.14. Description: The issue allows for CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. This occurs due to mishandling of these fields during a Download Import Fi...
Zurmo CRM - Persistent XSS Vulnerability
Exploit for php platform in category web applications. Affected software: Zurmo CRM. Zurmo is an Open Source Customer Relationship Management (CRM) application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. Type of vulnerability: XSS...
Zurmo CRM - Persistent Cross-Site Scripting
Zurmo CRM - Persistent Cross-Site Scripting. Affected software: Zurmo CRM. Zurmo is an Open Source Customer Relationship Management (CRM) application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. Type of vulnerability: XSS Stored UR...
CVE-2005-1316
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...