Lucene search
K

64 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 3:15 p.m.5 views

CVE-2025-41011 HTML injection in PHP Point Of Sale

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 3:15 p.m.20 views

CVE-2025-41011

CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...

6.1CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33990

Name of the Vulnerable Software and Affected Versions PHP Point of Sale version 19.4 Description An issue exists where a lack of proper validation of user input allows an attacker to render HTML in the victim's browser. This occurs when sending a request to the endpoint '/reports/generate/specifi...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References5
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.48 views

October 14, 2025—KB5066586 (OS Build 17763.7919)

None None...

8.8CVSS6.8AI score0.03817EPSS
Exploits4
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2016-10794

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...

5.1CVSS5.7AI score0.00383EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:55 p.m.13 views

CVE-2016-15051

Nagios XI

5.4CVSS5.8AI score0.00383EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.5 views

PT-2025-44539

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...

5.4CVSS6.2AI score0.00383EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient validation ...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-24123

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.08257EPSS
Exploits1References6
NVD
NVD
added 2025/09/17 9:15 a.m.3 views

CVE-2025-0419

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting XSS. This issue affects Zirve Nova: from 235 through 20250131...

4.7CVSS0.00226EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2025/09/09 12:0 a.m.19 views

KB5065767: Servicing stack update for Windows Server 2012 R2: September 9, 2025

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2025/07/08 2:0 p.m.29 views

June 10, 2025—KB5061059 (Monthly Rollup)

None None...

8.8CVSS6.8AI score0.81558EPSS
Exploits18
Microsoft KB
Microsoft KB
added 2025/06/10 7:0 a.m.134 views

June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965) - EXPIRED

None None...

8.8CVSS6.7AI score0.81558EPSS
Exploits18
Microsoft KB
Microsoft KB
added 2025/06/10 7:0 a.m.58 views

May 13, 2025—KB5058454 (Security-only update)

None None...

8.8CVSS6.8AI score0.21228EPSS
Exploits10
Microsoft KB
Microsoft KB
added 2025/06/10 7:0 a.m.90 views

June 10, 2025—KB5061078 (Monthly Rollup)

None None...

8.8CVSS6.9AI score0.81558EPSS
Exploits17
Microsoft KB
Microsoft KB
added 2025/06/10 7:0 a.m.33 views

June 10, 2025—KB5061072 (Security-only update)

None None...

8.8CVSS6.9AI score0.64987EPSS
Exploits7
Microsoft KB
Microsoft KB
added 2025/06/10 7:0 a.m.97 views

May 13, 2025—KB5058430 (Monthly Rollup)

None None...

8.8CVSS6.8AI score0.21228EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.6 views

CVE-2023-4471

The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the startdate and enddate parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.1AI score0.00466EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2025/04/08 7:0 a.m.45 views

April 8, 2025—KB5055570 (Security-only update)

None None...

8.8CVSS6.8AI score0.13475EPSS
Exploits5
Microsoft KB
Microsoft KB
added 2025/04/08 7:0 a.m.112 views

April 8, 2025—KB5055557 (Monthly Rollup)

None None...

8.8CVSS6.8AI score0.13475EPSS
Exploits7
Rows per page
Query Builder