18 matches found
GHSA-HJ9C-P59C-VQPH Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...
GHSA-CVJH-88C8-2JJX Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
EUVD-2026-19275
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
CVE-2026-31351
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
Dolibarr ERP CRM cross-site scripting vulnerabilities
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 14.0.2 of Dolibarr ERP CRM contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the ticket creation module, which...
CVE-2021-47779
Dolibarr ERP-CRM 14.0.2 is affected by a stored cross-site scripting (XSS) vulnerability in the ticket creation module. The issue allows a low-privilege user to inject JavaScript that can be executed when an administrator copies the crafted ticket text, with potential privilege escalation. Techni...
EUVD-2025-28820
Malicious code in bioql PyPI...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168 SolidInvoice Invoice Creation invoice cross site scripting
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
CVE-2025-9168 affects SolidInvoice up to version 2.4.0 in the Invoice Creation Module. The issue arises from improper processing of the /invoice file, where manipulating the Client Name parameter triggers a stored XSS vulnerability. The attack can be launched remotely, and the exploit has been ma...
SolidInvoice code injection vulnerability
SolidInvoice is an invoice solution application from SolidInvoice open source. A code injection vulnerability exists in SolidInvoice version 2.4.0 and earlier, which stems from the incorrect manipulation of the parameter Client Name by the file /invoice in the component Invoice Creation Module, leadin...
MainWP: Reflected XSS in "Create Category" Functionality of Post Creation Module
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript payload in the Category Name field, the input was reflected and executed immediately after submission. However, this XS...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...
CVE-2024-56693
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D...
PT-2024-20352 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: Ether Creation module "Generate barcode on invoice / delivery slip" ecgeneratebarcode for PrestaShop version 1.2.0 and earlier Description: A SQL injection issue exists in the module, allowing a guest to perform SQL injection. Recommendations...
Cross site scripting
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...