42 matches found

ATTACKERKB
added 2026/04/20 2:45 p.m. · 4 views

CVE-2026-6651

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

CVSS 4.8 · AI score 4 · EPSS 0.00033
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2026/04/20 12:0 a.m. · 2 views

PT-2026-33781

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

CVSS 4.8 · AI score 4 · EPSS 0.00033
Exploits 0 · References 7

RedhatCVE
added 2026/03/26 3:3 p.m. · 2 views

CVE-2026-29175

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

CVSS 8.6 · AI score 6.1 · EPSS 0.00014
Exploits 1 · References 1

Vulnrichment
added 2026/03/10 7:57 p.m. · 1 views

CVE-2026-29175 Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

CVSS 8.6 · AI score 6 · EPSS 0.00014
Exploits 1 · References 2

EUVD
added 2026/03/10 6:23 p.m. · 0 views

EUVD-2026-10818

Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking...

CVSS 8.6 · AI score 5.8 · EPSS 0.00014
Exploits 1 · References 2

OSV
added 2026/03/10 6:23 p.m. · 2 views

GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

CVSS 8.6 · AI score 6 · EPSS 0.00014
Exploits 1 · References 4

CNNVD
added 2026/03/10 12:0 a.m. · 2 views

Craft Commerce Cross-Site Scripting Vulnerability

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper HTML escaping during the rendering of product titles, variant titles, an...

CVSS 8.6 · AI score 5.7 · EPSS 0.00014
Exploits 1 · References 2

Positive Technologies
added 2026/03/10 12:0 a.m. · 2 views

PT-2026-24417

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

CVSS 8.6 · AI score 6 · EPSS 0.00014
Exploits 1 · References 3

CVE
added 2025/12/16 4:34 p.m. · 8 views

CVE-2025-59935

GLPI (asset/IT management software) is affected by CVE-2025-59935. In GLPI versions 10.0.0 up to, but not including, 10.0.21, an unauthenticated user can store an XSS payload via the inventory endpoint. The vulnerability is triggered by submitting crafted input to inventory-related requests, allo...

CVSS 6.5 · AI score 6 · EPSS 0.0007
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/12/16 4:34 p.m. · 2 views

CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5 · AI score 6 · EPSS 0.0007
Exploits 0 · References 1

OSV
added 2025/12/16 4:34 p.m. · 4 views

CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5 · AI score 6.3 · EPSS 0.0007
Exploits 0 · References 3

Cvelist
added 2025/12/16 4:34 p.m. · 27 views

CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5 · EPSS 0.0007
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-52312

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7.1 · EPSS 0.00274
Exploits 1 · References 1

OSV
added 2024/11/15 5:15 p.m. · 2 views

CVE-2024-11247

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct of the component Inventory Page. The manipulation of the argument brand leads to...

CVSS 5.4 · AI score 3.6
Exploits 0 · References 5

Vulnrichment
added 2024/11/15 4:31 p.m. · 13 views

CVE-2024-11247 SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct of the component Inventory Page. The manipulation of the argument brand leads to...

CVSS 5.3 · AI score 6.5 · EPSS 0.00196
Exploits 1 · References 5

CVE
added 2024/11/15 4:31 p.m. · 50 views

CVE-2024-11247

CVE-2024-11247 affects SourceCodester Online Eyewear Shop 1.0, specifically the Inventory Page: Master.php?f=save_product. The vulnerability is a cross-site scripting flaw caused by manipulating the brand parameter in the save_product endpoint. Exploitation can be performed remotely, and multiple...

CVSS 5.4 · AI score 4 · EPSS 0.00196
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2024/11/15 4:31 p.m. · 12 views

CVE-2024-11247 SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct of the component Inventory Page. The manipulation of the argument brand leads to...

CVSS 5.3 · EPSS 0.00196
Exploits 1 · References 5

Positive Technologies
added 2024/10/12 12:0 a.m. · 2 views

PT-2024-39929 · Unknown · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0
Description: A critical issue has been found in the processing of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the id argument leads to SQL injection. The attack may...

CVSS 8.8 · AI score 7.2 · EPSS 0.00106
Exploits 1 · References 12

OSV
added 2022/05/13 3:15 p.m. · 0 views

CVE-2022-30396

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/?page=inventory/manageinventory&id=...

CVSS 7.2 · AI score 7.1 · EPSS 0.00274
Exploits 1 · References 1

ATTACKERKB
added 2022/05/13 3:15 p.m. · 0 views

CVE-2022-30396

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/?page=inventory/manageinventory&id=...

CVSS 7.2 · AI score 7.2 · EPSS 0.00274
Exploits 1 · References 2