CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

CVE-2024-41516

A Reflected cross-site scripting XSS vulnerability in "ccHandler.aspx" CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

CVE-2024-41513

A reflected cross-site scripting XSS vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter...

EUVD-2024-39064

Malicious code in bioql PyPI...

EUVD-2025-19107

Malicious code in bioql PyPI...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CVE-2025-25905

CADClick 1.13.0 and earlier is reported vulnerable to Cross-Site Scripting (XSS) via the tree parameter. The root cause cited in CNNVD/related entries is incorrect manipulation of the tree parameter, enabling remote attackers to inject arbitrary web script or HTML. No exploitation details are pro...

PT-2025-26836 · Cadclick · Cadclick

Name of the Vulnerable Software and Affected Versions: CADClick versions 1.13.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the tree parameter, enabling Cross-Site Scripting XSS attacks. Recommendations: For CADClick versions 1.13.0 and...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CVE-2025-25905

Cross-Site Scripting XSS vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter...

CADClick 跨站脚本漏洞

CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A cross-site scripting vulnerability exists in CADClick version 1.13.0 and prior versions, which stems from an incorrect manipulation of the parameter tree...

CVE-2024-41514

A reflected cross-site scripting XSS vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CVE-2024-41511

A Path Traversal Local File Inclusion vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter...

CVE-2024-41515

A reflected cross-site scripting XSS vulnerability in "ccHandlerResource.ashx" in CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "resurl" parameter...

CVE-2024-41516

A Reflected cross-site scripting XSS vulnerability in "ccHandler.aspx" CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

CVE-2024-41514

A reflected cross-site scripting XSS vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

CVE-2024-41511

A Path Traversal Local File Inclusion vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter...