64 matches found
CVE-2025-41011 HTML injection in PHP Point Of Sale
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2025-41011
CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...
PT-2026-33990
Name of the Vulnerable Software and Affected Versions PHP Point of Sale version 19.4 Description An issue exists where a lack of proper validation of user input allows an attacker to render HTML in the victim's browser. This occurs when sending a request to the endpoint '/reports/generate/specifi...
October 14, 2025—KB5066586 (OS Build 17763.7919)
None None...
EUVD-2016-10794
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
CVE-2016-15051
Nagios XI
PT-2025-44539
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient validation ...
EUVD-2025-24123
Malicious code in bioql PyPI...
CVE-2025-0419
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting XSS. This issue affects Zirve Nova: from 235 through 20250131...
KB5065767: Servicing stack update for Windows Server 2012 R2: September 9, 2025
None None...
June 10, 2025—KB5061059 (Monthly Rollup)
None None...
June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965) - EXPIRED
None None...
May 13, 2025—KB5058454 (Security-only update)
None None...
June 10, 2025—KB5061078 (Monthly Rollup)
None None...
June 10, 2025—KB5061072 (Security-only update)
None None...
May 13, 2025—KB5058430 (Monthly Rollup)
None None...
CVE-2023-4471
The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the startdate and enddate parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
April 8, 2025—KB5055570 (Security-only update)
None None...
April 8, 2025—KB5055557 (Monthly Rollup)
None None...