14 matches found
EUVD-2025-31563
Malicious code in bioql PyPI...
CVE-2025-10343 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...
CVE-2025-10343 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...
PT-2025-39816
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the...
CVE-2025-8984
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-8984
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-8984 itsourcecode Online Tour and Travel Management System expense_category.php sql injection
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-8984 itsourcecode Online Tour and Travel Management System expense_category.php sql injection
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-8984
CVE-2025-8984 affects itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is in an unknown function within /admin/operations/expense_category.php, where manipulating the expense_name argument leads to SQL injection. It can be exploited remotely, and public exploits have b...
itsourcecode Online Tour and Travel Management System 注入漏洞
itsourcecode Online Tour and Travel Management System is a itsourcecode open source online tour and travel management system. An injection vulnerability exists in itsourcecode Online Tour and Travel Management System version 1.0, which is caused by incorrect manipulation of the parameter...
PT-2025-33415 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is located in an unknown function within the...
Biometric Shift Employee Management System Cross-Site Scripting Vulnerability (CNVD-2018-01399)
Biometric Shift Employee Management System is an employee management system. A cross-site scripting vulnerability exists in Biometric Shift Employee Management System. The vulnerability can be exploited to conduct a cross-site scripting attack via the expensename parameter in the...
CVE-2017-17991
Biometric Shift Employee Management System has XSS via the expensename parameter in an index.php?user=expenses request...
Cross site request forgery (csrf)
Biometric Shift Employee Management System has XSS via the expensename parameter in an index.php?user=expenses request...