Lucene search
K

15 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.12 views

Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 3:4 p.m.7 views

GHSA-6JQ6-X4CX-QVCM Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.1CVSS5.5AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8562

Malware in sbrugna...

6.1CVSS6.2AI score0.01696EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Web-School ERP 跨站脚本漏洞

Web-School ERP is an application from Web-School India, Inc. An ERP application. A cross-site scripting vulnerability exists in School ERP Pro+Responsive version 1.0, which originates from a cross-site scripting vulnerability in the /schoolerp/officeadmin/ page for the esbankacc, esbankname,...

6.5CVSS5.9AI score0.00471EPSS
Exploits0References3
CNVD
CNVD
added 2018/08/08 12:0 a.m.6 views

PHP Scripts Mall PHP Template Store Script Cross-Site Scripting Vulnerability

PHP Scripts Mall PHP Template Store Script is a set of scripts for selling website templates online by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall PHP Template Store Script version 3.0.6. The vulnerability can be exploited by a remote attacker to inject...

5.4CVSS5.3AI score0.01604EPSS
Exploits5References1
OSV
OSV
added 2018/08/06 9:29 p.m.4 views

CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...

5.4CVSS5.8AI score0.01604EPSS
Exploits5References2
Cvelist
Cvelist
added 2018/08/06 9:0 p.m.27 views

CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...

5.3AI score0.01604EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2018/08/06 12:0 a.m.6 views

PT-2018-12770 · Php · Php Template Store Script

Name of the Vulnerable Software and Affected Versions: PHP Template Store Script version 3.0.6 Description: The issue allows for cross-site scripting XSS attacks through specific fields in a user's profile, including the Address line 1, Address Line 2, Bank name, or A/C Holder name field...

5.4CVSS5.2AI score0.01604EPSS
Exploits5References3
Veracode
Veracode
added 2017/09/22 8:0 a.m.23 views

Cross-site Scripting

dolibarr is vulnerable to cross-site scripting attacks. The attack exists because it does not correctly filter the "url" field through the external calendar or 2 the bank name field in the "import external calendar" page, allowing the attacker to inject arbitrary script through them...

6.1CVSS5.9AI score0.01696EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2016/01/21 12:0 a.m.4 views

Multiple Cross-Site Scripting Vulnerabilities in Dolibarr ERP/CRM

Dolibarr ERP/CRM is the software that manages your company's business information. Multiple cross-site scripting vulnerabilities in Dolibarr ERP/CRM 3.8.3 and prior versions allow remote attackers to inject arbitrary web script or HTML via the url of an external calendar or the "Import External...

6.1CVSS6.1AI score0.01696EPSS
Exploits2References1
NVD
NVD
added 2016/01/15 7:59 p.m.15 views

CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

6.1CVSS6.1AI score0.01696EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2016/01/15 7:59 p.m.25 views

CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

6.1CVSS6.4AI score0.01696EPSS
Exploits2References3
Prion
Prion
added 2016/01/15 7:59 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

4.3CVSS6AI score0.01696EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2016/01/15 7:59 p.m.5 views

UBUNTU-CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

6.1CVSS6.4AI score0.01696EPSS
Exploits2References4
Cvelist
Cvelist
added 2016/01/15 7:0 p.m.22 views

CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

6.1AI score0.01696EPSS
Exploits2References4
Rows per page
Query Builder