CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

MartDevelopers Iresturant 跨站脚本漏洞

MartDevelopers Iresturant is an open source lightweight restaurant Erp from MartDevelopers Kenya, designed to integrate social restaurant operations into a single system. A cross-site scripting vulnerability exists in MartDevelopers Iresturant because the product does not effectively filter...