102 matches found
CVE-2026-9414
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...
CVE-2026-9411
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...
CVE-2026-9414
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...
CVE-2026-9414
CVE-2026-9414 affects SourceCodester’s Indian Invoicing System (invoices module) specifically the Invoice Template Render Database-Backed component. A vulnerability in add_order.php allows manipulation of the customer_name parameter to trigger cross-site scripting (XSS). The flaw is exploitable r...
CVE-2026-9414 SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...
EUVD-2026-31616
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...
CVE-2026-9414
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...
CVE-2026-9411 SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...
EUVD-2026-31614
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...
PT-2026-42989
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...
SourceCodester Indian Invoicing System 代码注入漏洞
SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. A code injection vulnerability exists in SourceCodester Indian Invoicing System version 0.x and earlier and version 1.0, which originates from the Invoice Template Render Database-Backed component's...
PT-2026-42982
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer name/category results in sql injection. The...
SourceCodester Indian Invoicing System SQL注入漏洞
SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. SourceCodester Indian Invoicing System version 1.0 suffers from a SQL injection vulnerability that stems from the Invoice Generation Handler component's manipulation of the parameter...
CVE-2026-7390
The CVE affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the Customer function of /index.php?page=customer, where manipulating the Name parameter yields cross-site scripting (XSS). Attack surface is remote with a public exploit. No remediation details a...
EUVD-2026-26253
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...
CVE-2026-32712 Open Source Point of Sale has Stored XSS in Customer Name (Sales)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...
Code-Projects Simple Gym Management System SQL注入漏洞
Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...
Warranty Tracking System SQL注入漏洞
The Warranty Tracking System is a warranty record management system developed by Warranty Tracking Company. Version 11.06.3 of the Warranty Tracking System contains an SQL injection vulnerability. This vulnerability stems from the txtCustomerCode, txtCustomerName, and txtPhone parameters, which m...
EUVD-2026-8851
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2679
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...