18 matches found
GHSA-HJ9C-P59C-VQPH Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module
An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...
GHSA-CVJH-88C8-2JJX Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module
An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
EUVD-2026-19275
An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
CVE-2026-31351
An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
Dolibarr ERP CRM cross-site scripting vulnerabilities
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 14.0.2 of Dolibarr ERP CRM contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the ticket creation module, which...
CVE-2021-47779
Dolibarr ERP-CRM 14.0.2 is affected by a stored cross-site scripting (XSS) vulnerability in the ticket creation module. The issue allows a low-privilege user to inject JavaScript that can be executed when an administrator copies the crafted ticket text, with potential privilege escalation. Techni...
EUVD-2025-28820
Malicious code in bioql PyPI...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-9168
CVE-2025-9168 affects SolidInvoice up to version 2.4.0 in the Invoice Creation Module. The issue arises from improper processing of the /invoice file, where manipulating the Client Name parameter triggers a stored XSS vulnerability. The attack can be launched remotely, and the exploit has been ma...
CVE-2025-9168 SolidInvoice Invoice Creation invoice cross site scripting
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
SolidInvoice 代码注入漏洞
SolidInvoice is an invoice solution application from SolidInvoice open source. A code injection vulnerability exists in SolidInvoice version 2.4.0 and earlier, which stems from the incorrect manipulation of the parameter Client Name by file/invoice in the component Invoice Creation Module, leadin...
MainWP: Reflected XSS in "Create Category" Functionality of Post Creation Module
A reflected Cross-Site Scripting XSS vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript payload in the Category Name field, the input was reflected and executed immediately after submission. However, this XS...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...
CVE-2024-56693
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D...
PT-2024-20352 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: Ether Creation module "Generate barcode on invoice / delivery slip" ecgeneratebarcode for PrestaShop version 1.2.0 and earlier Description: A SQL injection issue exists in the module, allowing a guest to perform SQL injection. Recommendations...
Cross site scripting
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...