
9 matches found

EUVD
added 2025/10/10 8:19 a.m., 1 view

EUVD-2025-33689

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1 CVSS, 4.4 AI score, 0.00033 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/10/10 12:0 a.m., 1 view

Energy CRM cross-site scripting vulnerability

Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient input validation of the parameter customerName0 in the file /crm/createinvoicesubmit.php, which could lead to a stored...

5.4 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/10/10 12:0 a.m., 5 views

PT-2025-41534

Name of the Vulnerable Software and Affected Versions: Energy CRM version 2025. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...

5.1 CVSS, 5.7 AI score, 0.00033 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-16767

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00281 EPSS
Exploits: 1, References: 2
Huntr
added 2021/12/10 6:38 p.m., 19 views

Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm

Description: Application is vulnerable to Reflected cross site scripting attack on create Invoice. Proof of Concept: Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Quick Create - Cost Invoice Step 3: Click on Source and enter the XSS Payload in...

4.3 CVSS, 0.1 AI score, 0.00227 EPSS
Exploits: 1
OSV
added 2019/03/21 4:1 p.m., 10 views

CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoicepassword parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/ URI. NOTE: this is different from CVE-2018-12255...

5.4 CVSS, 5.6 AI score
Exploits: 0, References: 1
Prion
added 2019/03/21 4:1 p.m., 14 views

Cross site scripting

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoicepassword parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/ URI. NOTE: this is different from CVE-2018-12255...

3.5 CVSS, 5.5 AI score, 0.00281 EPSS
Exploits: 2, References: 1, Affected Software: 1
CVE
added 2019/03/16 12:0 p.m., 35 views

CVE-2019-7223

CVE-2019-7223 is a stored XSS in InvoicePlane 1.5 affecting the PDF password field (index.php/invoices/ajax/save) with the payload rendered on index.php/invoices/view/##. This is documented across multiple feeds (NVD, OSV, CNVD) as a cross-site scripting vulnerability; exploit details, affected v...

5.4 CVSS, 5.5 AI score, 0.00281 EPSS
Exploits: 1, References: 1, Affected Software: 1
exploitpack
added 2018/04/25 12:0 a.m., 29 views

Shopy Point of Sale 1.0 - CSV Injection

Shopy Point of Sale 1.0 - CSV Injection. Exploit Title: Shopy Point of Sale v1.0 - CSV Injection; Date: 2018-04-23; Exploit Author: 8bitsec; CVE: CVE-2018-10258; Vendor Homepage: https://codecanyon.net/; Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225; Version: 1.0; Tested on: Ka...

6.5 CVSS, 9.1 AI score, 0.02613 EPSS
Exploits: 5