19 matches found
CVE-2026-1469
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2026-1469
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2026-1469
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
EUVD-2026-4996
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
PT-2026-5261
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
SourceCodester Simple Inventory System SQL注入漏洞
SourceCodester Simple Inventory System is a SourceCodester open source simple inventory system. A SQL injection vulnerability exists in SourceCodester Simple Inventory System version 1.0, which stems from incorrect manipulation of the parameter editBrandName in the file /brand.php, which could le...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
SourceCodester Online Eyewear Shop 代码注入漏洞
SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A code injection vulnerability exists in...
PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...
SourceCodester Online Eyewear Shop 代码注入漏洞
SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A code injection vulnerability exists in...
SourceCodester Stock Management System SQL注入漏洞
Sourcecodester Stock Management System is an inventory management system. A SQL injection vulnerability exists in SourceCodester Stock Management System version 1.0, which stems from a SQL injection caused by the brandName parameter of the file createBrand.php...
CVE-2023-24234
A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...
CVE-2022-46126
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/managebrand.php?id=...
CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via the brandname parameter at /brand.php...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
CVE-2018-17981
CVE-2018-17981 affects Lifesize Express devices running ls ex2_4.7.10 (2000 (14) devices). The vulnerability is a cross-site scripting (XSS) flaw exploitable via the interface/interface.php brand parameter, leading to potential script execution in a user’s browser. Root cause is an XSS in the bra...
PT-2006-6746 · Candypress · Candypress Store
Name of the Vulnerable Software and Affected Versions: CandyPress Store version 3.5.2.14 Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the policy parameter in "openPolicy.asp" or the brand...