15 matches found
CVE-2026-6651 erponline.xyz ERP Online Inventory Edit Item cross-site scripting
A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross-site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-6651
A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross-site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-6651
CVE-2026-6651 affects erponline.xyz ERP Online (up to 4.0.0) in the Inventory Edit Item Page. The issue is a cross-site scripting vulnerability triggered by manipulating the Item Name parameter, with a remote attack surface and public exploit availability. The CVSS-derived metrics indicate LOW ov...
CVE-2025-64747
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
Directus is Vulnerable to Stored Cross-site Scripting
Summary: A stored cross-site scripting (XSS) vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy (CSP) restrictions by combining file uploads with iframe srcdo...
GHSA-VV2V-PW69-8CRF Directus is Vulnerable to Stored Cross-site Scripting
Summary: A stored cross-site scripting (XSS) vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy (CSP) restrictions by combining file uploads with iframe srcdo...
CVE-2025-64747
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
CVE-2025-64747
CVE-2025-64747 describes a stored XSS in Directus prior to version 11.13.0. Attackers with upload files and edit item permissions can inject JavaScript via the Block Editor interface. The technique exploits insufficient sanitization and uses an iframe with a srcdoc attribute to bypass CSP, enabli...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
PT-2025-46912
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) issue exists that allows users with upload files and edit item permissions to...
PT-2025-34504 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.86 through 7.4.3.131; Liferay DXP versions 2024.Q1.1 through 2024.Q1.12; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.1 through 2024.Q3.9; Liferay Portal versions 7.4 update 86...
CVE-2024-12935
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to t...
Code-Projects Simple Admin Panel Security Vulnerability
Code-Projects Simple Admin Panel is a simple open-source admin panel from Code-Projects. A security vulnerability exists in Code-Projects Simple Admin Panel version 1.0, which stems from a SQL injection vulnerability in the record parameter of the editItemForm.php file...
CVE-2010-5042
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party...