12 matches found
EUVD-2025-37504
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in UltimatePOS 4.8 (admin purchases). User input in the Purchases > reference No. field is reflected in the Admin Log panel without proper escaping, enabling an authenticated attacker to execute JavaScript in an admin session (potential session...
EUVD-2017-1562
Malware in sbrugna...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
flatCore-CMS Cross-Site Scripting Vulnerability
flatCore-CMS is a Web Content Management System (CMS) based on PHP5 and SQLite3. A cross-site scripting vulnerability exists in the admin log panel in flatCore-CMS version 1.4.6. A remote attacker can exploit the vulnerability by injecting arbitrary web script followed by HTML with the help of a...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
Design/Logic Flaw
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
CVE-2017-1000428
FlatCore-CMS 1.4.6 is vulnerable to both reflected and stored XSS. The reflected XSS occurs in user_management.php via $_SERVER['PHP_SELF'] when building links, and a stored XSS is present in the admin log panel through a malformed User-Agent string. The CVE description and multiple connected rec...