14 matches found
CVE-2026-1131
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131 Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131 Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1131
CVE-2026-1131 affects Yonyou KSOA 9.0. The issue arises in the HTTP GET Parameter Handler, where manipulating the catalogid argument in the request to /kmc/save_catalog.jsp enables SQL injection. It is remotely exploitable and the exploit has been publicly disclosed. The vendor was contacted but ...
PT-2026-3414
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A SQL injection issue exists due to manipulation of the catalogid parameter in the HTTP GET request to the /kmc/save catalog.jsp file. This affects an unknown function within the HTTP GET Parameter Handler...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file/kmc/savecatalog.jsp. This vulnerability may lead to SQL...
everythingtrackandfield.com XSS vulnerability
Open Bug Bounty ID: OBB-427862 Description| Value ---|--- Affected Website:| everythingtrackandfield.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...
CVE-2008-6240
Cross-site scripting XSS vulnerability in data/views/index.html in OpenEdit Digital Asset Management DAM before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in data/views/index.html in OpenEdit Digital Asset Management DAM before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter...
CVE-2008-6240
Cross-site scripting XSS vulnerability in data/views/index.html in OpenEdit Digital Asset Management DAM before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter...
CVE-2008-6240
OpenEdit Digital Asset Management (DAM) contains a Cross-site Scripting (XSS) vulnerability in data/views/index.html, exploitable via the catalogid parameter. Affected software is OpenEdit DAM prior to version 5.2014. The vulnerability allows remote attackers to inject arbitrary web script or HTM...