12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-28291

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.4 · EPSS 0.00352
Exploits 0 · References 4

CVE
added 2025/08/19 9:2 p.m. · 12 views

CVE-2025-9168

CVE-2025-9168 affects SolidInvoice up to version 2.4.0 in the Invoice Creation Module. The issue arises from improper processing of the /invoice file, where manipulating the Client Name parameter triggers a stored XSS vulnerability. The attack can be launched remotely, and the exploit has been ma...

CVSS 5.4 · AI score 6.3 · EPSS 0.00078
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2025/08/19 8:32 p.m. · 3 views

CVE-2025-9167 SolidInvoice Recurring Invoice recurring cross site scripting

A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The explo...

CVSS 5.1 · AI score 6.4 · EPSS 0.00078
Exploits 1 · References 5

CNNVD
added 2025/08/19 12:0 a.m. · 0 views

SolidInvoice code injection vulnerability

SolidInvoice is an open-source invoicing application from SolidInvoice. A code injection vulnerability exists in SolidInvoice version 2.4.0 and earlier, which stems from incorrect handling of the Client Name parameter by the file /invoice in the Invoice Creation Module component, leadin...

CVSS 5.4 · AI score 6.6 · EPSS 0.00078
Exploits 1 · References 7

RedhatCVE
added 2025/05/23 1:55 a.m. · 3 views

CVE-2023-24233

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

CVSS 4.8 · AI score 5.5 · EPSS 0.00352
Exploits 0 · References 1

NVD
added 2024/04/26 3:15 p.m. · 11 views

CVE-2024-28328

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format...

CVSS 5.4 · AI score 7 · EPSS 0.00042
Exploits 0 · References 3

CNNVD
added 2024/04/26 12:0 a.m. · 2 views

ASUS RT-N12 security vulnerability

ASUS RT-N12 is a router from Asus China. A security vulnerability exists in ASUS RT-N12+ B1, which stems from the presence of a CSV injection vulnerability that allows an administrator user to inject arbitrary commands or formulas into the client name parameter...

CVSS 5.4 · AI score 7.4 · EPSS 0.00042
Exploits 0 · References 3

Positive Technologies
added 2024/04/26 12:0 a.m. · 3 views

PT-2024-4605 · Asus · Asus Rt-N12+ B1

Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 (affected versions not specified). Description: The issue is related to a lack of data sanitization on the administrative level, allowing for the exploitation of a CSV injection vulnerability. This vulnerability enables a...

CVSS 5.4 · AI score 8.2 · EPSS 0.00042
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 5:48 a.m. · 1 views

SUSE CVE-2012-1006

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders...

CVSS 4.3 · AI score 8.3 · EPSS 0.76165
Exploits 1 · References 3

OSV
added 2023/02/10 4:15 p.m. · 1 views

CVE-2023-24233

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

CVSS 4.8 · AI score 5.9 · EPSS 0.00352
Exploits 0 · References 2

Prion
added 2023/02/10 4:15 p.m. · 9 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

CVSS 4.3 · AI score 4.9 · EPSS 0.00352
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/02/10 12:0 a.m. · 1 views

Inventory Management System cross-site scripting vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

CVSS 4.8 · AI score 5.7 · EPSS 0.00352
Exploits 0 · References 3