15 matches found
Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server
Summary: The approval-resolution endpoints POST /approvals/:id/approve, /reject, /request-revision accept a client-supplied decidedByUserId field in the request body and write it verbatim into the authoritative approvals.decidedByUserId column — without cross-checking it against the authenticated...
CVE-2025-40643
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40643
Energy CRM v2025 by Status Tracker Ltd contains a Stored XSS in the /crm/create_job_submit.php endpoint via the JobCreatedBy input. The lack of proper validation allows an attacker to craft a request that could be stored and later executed in an authenticated user’s browser, potentially exposing ...
CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
EUVD-2025-35664
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
EUVD-2025-14294
Malicious code in bioql PyPI...
CVE-2025-40646
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
CVE-2019-4603
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...
cekmeceet.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1130490 Security Researcher geeknik Helped patch 8696 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting cekmeceet.com website and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity...
Fedora Update for ruby-korundum FEDORA-2013-10182
Check for the Version of ruby-korundum OpenVAS Vulnerability Test Fedora Update for ruby-korundum FEDORA-2013-10182 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file...
weenCompany SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================= weenCompany SQL Injection Vulnerability ======================================= weenCompany SQL Injection Vulnerability Vendor: http://www.weentech.com/ Author: Gamoscu Dork:"Created by weenCompany"...