CVE-2024-9031

CodeCanyon CRMGo SaaS (up to 7.2) has a cross-site scripting flaw in the /project/task/{task_id}/show endpoint triggered by the comment parameter. The issue may be exploited remotely and exploits have been disclosed publicly. Current remediation guidance in the connected docs is to disable access...

CVE-2024-9031 CodeCanyon CRMGo SaaS show cross site scripting

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/taskid/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely...

CVE-2024-9030

CVE-2024-9030 affects CodeCanyon CRMGo SaaS 7.2. The vulnerability is a cross-site scripting flaw in the notes parameter of the file /deal/{note_id}/note. It can be triggered remotely, and exploits have been disclosed publicly. Some sources list varying severity (up to medium) but all confirm XSS...

CVE-2024-9030 CodeCanyon CRMGo SaaS note cross site scripting

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

CVE-2024-9030 CodeCanyon CRMGo SaaS note cross site scripting

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

CVE-2024-8945

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2024-8945

CVE-2024-8945 affects CodeCanyon RISE Ultimate Project Manager 3.7.0. The vulnerability is a SQL injection in the file /index.php/dashboard/save via the id parameter, exploitable remotely. Public PoCs/exploits exist; patched version is 3.7.1. Remediation is to upgrade to 3.7.1 or apply vendor-spe...

CVE-2024-8945 CodeCanyon RISE Ultimate Project Manager save sql injection

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2024-8945 CodeCanyon RISE Ultimate Project Manager save sql injection

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit...

CodeCanyon RISE Ultimate Project Manager SQL注入漏洞

CodeCanyon RISE Ultimate Project Manager is a project management and CRM software from CodeCanyon Corporation. A SQL injection vulnerability exists in CodeCanyon RISE Ultimate Project Manager version 3.7.0, which stems from the parameter id of the file /index.php/dashboard/save that can lead to S...

Taskhub 2.8.8 Insecure Settings

============================================================================================================================================= | Title : Taskhub v2.8.8 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...

eClass LMS 6.2.0 Shell Upload

==================================================================================================================================== | Title : eClass LMS v6.2.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

QuickJob 6.1 Insecure Settings

==================================================================================================================================== | Title : quickjob 6.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

LMS ZAI 6.3 Insecure Settings

==================================================================================================================================== | Title : LMS ZAI v6.3 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

taskhub 2.8.7 - SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

TASKHUB-2.8.8 - XSS-Reflected

Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...

CVE-2024-0545

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...

Open redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be...

CVE-2024-0545 CodeCanyon RISE Rise Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be...

CVE-2024-0545 CodeCanyon RISE Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...