27 matches found
EUVD-2026-23926
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...
CVE-2026-23752
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...
CVE-2026-23752 GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...
CVE-2026-23752
CVE-2026-23752 affects GFI HelpDesk prior to 4.99.9. The vulnerability is a stored XSS in the template group creation/editing flow, exploitable via the companyname POST parameter without HTML sanitization. When an authenticated administrator views the Templates > Groups page, the injected scri...
PT-2026-33820
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...
GFI HelpDesk security vulnerability
GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient sanitization of the companyname POST parameter...
CVE-2025-41024 Stored Cross-Site Scripting in Poultry Farm Management System
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...
CVE-2025-41024
CVE-2025-41024 affects Poultry Farm Management System v1.0. Stored XSS arises from insufficient validation of POST input in /farm/farmprofile.php, specifically for parameters: companyaddress, companyemail, companyname, country, mobilenumber, and regno. Root cause: lack of proper input validation ...
PHPGurukul Dairy Farm Shop Management System injection vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the edit-company.php parameter companyname...
CVE-2024-42918
itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php...
Dolibarr cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, 12...
CVE-2020-5308
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php...
CVE-2020-5307
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
SQL injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
Dairy Farm Shop Management System 1.0 - (username) SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection; Exploit Author: Chris Inzinga; Vendor Homepage: https://phpgurukul.com/; Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/...
CVE-2017-17956
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter...