6 matches found
CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...
PT-2025-41534
Name of the Vulnerable Software and Affected Versions Energy CRM version 2025 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...
Energy CRM 跨站脚本漏洞
Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient input validation of the parameter customerName0 in the file /crm/createinvoicesubmit.php, which could lead to a stored...
CVE-2023-49639
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customerdetails' parameter of the buyerinvoicesubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2024-13774 · Billing · Billing
Name of the Vulnerable Software and Affected Versions: Billing Software version 1.0 Description: The issue is related to multiple Unauthenticated SQL Injection vulnerabilities. The customer details parameter of the "buyer invoice submit.php" resource does not validate the characters received, and...
Kashipara Billing Software SQL Injection Vulnerability
Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in Kashipara Billing Software v1.0, which originates when the customerdetails parameter of the buyerinvoicesubmit.php page is processed without filtering the data and sending it to the database...