14 matches found
EUVD-2026-8850
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2678
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2678 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2678
CVE-2026-2678 affects A3factura software with a Reflected XSS vulnerability in the web platform. The issue is triggered via the parameter 'name' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/customers, allowing arbitrary script execution in a victim’s browser. CVSS 4.0 indicates a MEDI...
Wolters Kluwer A3factura cross-site scripting vulnerability
Wolters Kluwer A3factura is a billing management software developed by the German company Wolters Kluwer. Wolters Kluwer A3factura has a cross-site scripting vulnerability. This vulnerability stems from the reflective cross-site scripting in the parameter name located at the endpoint...
PT-2026-22141
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2019-25391 Ashop Shopping Cart Software Latest SQL Injection via bannedcustomers.php
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...
CVE-2024-11275
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes...
WordPress plugin WP Timetics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-12688 · Easyappointments +2 · Alextselegidis/Easyappointments +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A BOLA vulnerability in the "GET, PUT, DELETE /customers/customerId" endpoint allows a low-privileged user to fetch, modify, or delete a customer,...
Incorrect Authorization
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Incorrect Authorization through the V1/customers/me endpoint. An attacker can achieve information exposure and privilege escalation by triggering an...
Adobe Commerce input validation error vulnerability
Adobe Commerce is a globally leading digital commerce solution for businesses and brands from the US company Adobe. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...
PT-2022-25225 · Unknown · Online Banking System
Name of the Vulnerable Software and Affected Versions: Online Banking System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the search parameter at the "/net-banking/manage customers.php" API endpoint. Recommendations: For...
Magento is affected by an improper input validation vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...