9 matches found
CVE-2026-2679
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2679
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2679
Reflected Cross‑Site Scripting (XSS) vulnerability detected in the A3factura web platform, via the parameter 'customerName' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CVE records) as allowing an atta...
Wolters Kluwer A3factura 跨站脚本漏洞
Wolters Kluwer A3factura is a billing management software developed by the German company Wolters Kluwer. Wolters Kluwer A3factura has a cross-site scripting vulnerability. This vulnerability stems from a reflective cross-site scripting vulnerability in the parameter customerName of the...
CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...
PT-2025-41534
Name of the Vulnerable Software and Affected Versions Energy CRM version 2025 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...
CVE-2014-4965
Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...
CVE-2014-4965
Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...