26 matches found
CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
CVE-2026-39338 ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
PT-2026-30961
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
CVE-2026-3877
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
EUVD-2026-17883
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
CVE-2026-3877
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
CVE-2026-3877 Reflected Cross-Site Scripting in Dashboard Search
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
CVE-2026-3877 Reflected Cross-Site Scripting in Dashboard Search
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
CVE-2026-3877
The CVE-2026-3877 issue affects the VertiGIS FM dashboard search. It is a reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality that can be triggered when an authenticated user visits a crafted URL, leading to arbitrary JavaScript execution in the user’s browser...
VertiGIS FM Security Vulnerability
VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. There is a security vulnerability in VertiGIS FM, which stems from a reflection-type cross-site scripting vulnerability in the dashboard search function. This vulnerability could allow attackers to create malicious...
PT-2026-29518
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...
EUVD-2026-10281
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...
CVE-2026-3791
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...
CVE-2026-3791
CVE-2026-3791 affects SourceCodester Sales and Inventory System 1.0, specifically the file dashboard.php in the Search component. The issue arises from manipulating the argument searchtxt, causing a SQL Injection. The vulnerability can be exploited remotely, and the exploit has been disclosed p...
CVE-2026-3791 SourceCodester Sales and Inventory System Search dashboard.php sql injection
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...
CVE-2025-59982
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...
EUVD-2025-33385
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59982
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...