10 matches found
CVE-2020-37022
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
CVE-2020-37022 OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...
CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
EUVD-2023-34204
Malicious code in bioql PyPI...
CVE-2023-51157
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter...
CVE-2023-2743
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2743
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-21118 · WordPress · Erp
Name of the Vulnerable Software and Affected Versions: ERP WordPress plugin versions prior to 1.12.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the employee name parameter is not properly sanitised and escaped before being outputted back in th...
CVE-2021-36718 SYNEL - eharmonynew / Synel Reports version 8.0.2 Default credentials , Security miscommunication , Sensetive data exposure
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data Employee name, Employee ID number, Working hours etc' The vulnerabilety has been addressed and fixed on version 11. Default credentials ,...
Cross-site Scripting (XSS) - Stored in imran300/inventory
✍️ Description Stored xss bug using a xss payload in the employee name when adding a new employee 🕵️♂️ Proof of Concept Goto http://localhost/inventory/employees/addemployee and click on add employee and copy paste the following xss payload and paste it in the EMP NAME javascript " Click on safe...