Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/04/21 4:50 p.m.33 views

CVE-2026-40589 FreeScout has Customer Edit Cross-Mailbox Email Takeover

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

7.6CVSS0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 8:45 a.m.5 views

CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS3.9AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 8:45 a.m.36 views

CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 8:45 a.m.7 views

CVE-2026-6622

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS3.9AI score0.00206EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29162

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/09/15 9:2 a.m.13 views

CVE-2025-10435 Campcodes Computer Sales and Inventory System cust_edit1.php sql injection

A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custedit1.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00387EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.7 views

CampCodes Computer Sales and Inventory System SQL注入漏洞

CampCodes Computer Sales and Inventory System is a computerized sales and inventory system from CampCodes Philippines, Inc. CampCodes Computer Sales and Inventory System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file...

9.8CVSS7.7AI score0.00387EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.5 views

CVE-2023-31939

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...

7.2CVSS8.8AI score0.0107EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/05 5:0 p.m.38 views

CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack...

7.5CVSS0.00767EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.4 views

CVE-2023-31939

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...

7.2CVSS6.2AI score0.0107EPSS
Exploits1References2
OSV
OSV
added 2023/08/17 8:15 p.m.3 views

CVE-2023-31939

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...

7.2CVSS6.1AI score0.0107EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.9 views

PT-2023-23537 · Unknown · Online Travel Agency System

Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the costomer id parameter at the "customer edit.php" endpoint. This enables the attacker to manipulate database...

7.2CVSS8.9AI score0.0107EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/11/08 9:15 p.m.3 views

CVE-2021-40260

Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester Tailor Management 1.0 via the 1 eid parameter in a partedit.php and b customeredit.php, the 2 id parameter in a editmeasurement.php and b addpayment.php, and the 3 error parameter in index.php...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References2
Rows per page
Query Builder