CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...

CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...

PT-2026-22833

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.9.9 Description OpenSTAManager is a management software for technical assistance and invoicing. The application does not properly sanitize user-supplied input from the righe GET parameter before reflecting it...

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Billing | payment section the Customer invoices part, you protect invoice Statuses to any kind of modification from CSRF attacks but if I set CSRF token to nothings then I able to modify arbitrary invoice Statuses only with knowing their ids. In this PoC.html I am able to Validat...