CVE-2026-2554
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...
EUVD-2019-4930
Malware in sbrugna...
EUVD-2013-3518
Malware in sbrugna...
EUVD-2009-5011
Malware in sbrugna...
EUVD-2023-57736
Malicious code in bioql PyPI...
CVE-2013-3584
Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component...
CVE-2009-5055
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the...
Mars: RXSS on ██████ via customerId parameter
A Reflected Cross-Site Scripting (XSS) vulnerability was identified on the Mars website at ██████. The vulnerability was located in the customerId parameter, which was inadequately sanitized before being reflected back to users in the HTTP response. When the parameter was manipulated with malicious...
MTN Group: SQLi | in URL paths
The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...
CVE-2023-5421
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...
Design/Logic Flaw
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...
CVE-2023-5421 Possible XSS execution in customer information
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...
OTRS Cross-Site Scripting Vulnerability
OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS versions prior to 7.0.47 and 8.0.37, and in OTRS Community Edition versions 6.0.X through 6.0.34, which originates from the fact that an attacker with the privilege to create and change...
PT-2023-32093 · Unknown +2 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46; OTRS versions 8.0.X through 8.0.36; OTRS Community Edition versions 6.0.X through 6.0.34. Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...
CVE-2019-13457
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...
CVE-2018-14875
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter...