Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 4:16 p.m.6 views

CVE-2020-37022

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...

6.4CVSS5.8AI score0.00252EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/30 4:16 p.m.31 views

CVE-2020-37022 OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...

6.4CVSS0.00252EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/13 9:33 p.m.9 views

CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal

gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...

6.9CVSS0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-34204

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00486EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2024/09/25 7:15 p.m.2 views

CVE-2023-51157

Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter...

5.4CVSS6.2AI score0.00458EPSS
Exploits1References2
OSV
OSV
added 2023/06/27 2:15 p.m.10 views

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added 2023/06/27 2:15 p.m.26 views

CVE-2023-2743

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00486EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.6 views

PT-2023-21118 · WordPress · Erp

Name of the Vulnerable Software and Affected Versions: ERP WordPress plugin versions prior to 1.12.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the employee name parameter is not properly sanitised and escaped before being outputted back in th...

6.1CVSS6AI score0.00486EPSS
Exploits2References5
Cvelist
Cvelist
added 2021/12/08 7:25 p.m.26 views

CVE-2021-36718 SYNEL - eharmonynew / Synel Reports version 8.0.2 Default credentials , Security miscommunication , Sensetive data exposure

SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data Employee name, Employee ID number, Working hours etc' The vulnerabilety has been addressed and fixed on version 11. Default credentials ,...

6.1CVSS6.6AI score0.00548EPSS
Exploits0References1
Huntr
Huntr
added 2021/08/19 2:5 p.m.14 views

Cross-site Scripting (XSS) - Stored in imran300/inventory

✍️ Description Stored xss bug using a xss payload in the employee name when adding a new employee 🕵️‍♂️ Proof of Concept Goto http://localhost/inventory/employees/addemployee and click on add employee and copy paste the following xss payload and paste it in the EMP NAME javascript " Click on safe...

0.2AI score
Exploits0
Rows per page
Query Builder