CVE-2026-31052

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component...

Inflection: XSS at https://app.goodhire.com/member/GH.aspx

Unescaped input from a URL parameter in the checkout flow was being used as a JavaScript variable for determining what cart contents to render. By manipulating the URL parameter, the researcher was able to execute arbitrary JavaScript on the page...