26 matches found
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
PT-2026-37353
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters first name, last name, phone, notes bypass...
PT-2026-34020
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...
CVE-2026-0617
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0617
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-5287
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0617 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0617 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2021-17106
Malware in sbrugna...
EUVD-2020-29847
Malware in sbrugna...
EUVD-2020-15042
Malware in sbrugna...
CVE-2020-9017
LiteCart through 2.2.1 allows CSV injection via a customer's profile...
Html Injection Stored in edit customers
Description: HTML Injection is a vulnerability in which the attacker can inject malicious HTML content in the webpage. Proof of Concept: 1. Open tab Edit Customers, click Edit customer. 2. Inject this payload at field Name: TEST TEST TEST. And then click Save. 3. Go to the profile page of this...
Security Update Guide Notification System News: Create your profile now
Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...
Junghwa Technology ERP POS Cross-Site Scripting Vulnerability
Junghwa Technology ERP POS System is application software from China's Junghwa Technology Co. used for ERP management. ERP POS suffers from a cross-site scripting vulnerability that originates from special characters on the customer profile page not being filtered during user input, which...
CVE-2020-22274
JomSocial Joomla Social Network Extension 4.7.6 allows CSV injection via a customer's profile...
CVE-2020-22274
JomSocial Joomla Social Network Extension 4.7.6 allows CSV injection via a customer's profile...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
Design/Logic Flaw
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...