Lucene search

6 matches found

Cvelist
added 2025/10/10 8:19 a.m. · 10 views

CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

CVSS 5.1 · EPSS 0.00189
Exploits 0 · References 1
Positive Technologies
added 2025/10/10 12:0 a.m. · 8 views

PT-2025-41534

Name of the Vulnerable Software and Affected Versions: Energy CRM version 2025 Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...

CVSS 5.1 · AI score 5.7 · EPSS 0.00189
Exploits 0 · References 6
CNNVD
added 2025/10/10 12:0 a.m. · 4 views

Energy CRM Cross-Site Scripting Vulnerability

Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient input validation of the parameter customerName0 in the file /crm/createinvoicesubmit.php, which could lead to a stored...

CVSS 5.4 · AI score 5.9 · EPSS 0.00189
Exploits 0 · References 1
OSV
added 2024/01/04 2:15 p.m. · 3 views

CVE-2023-49639

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customerdetails' parameter of the buyerinvoicesubmit.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00672
Exploits 1 · References 2
Positive Technologies
added 2024/01/04 12:0 a.m. · 5 views

PT-2024-13774 · Billing · Billing

Name of the Vulnerable Software and Affected Versions: Billing Software version 1.0 Description: The issue is related to multiple Unauthenticated SQL Injection vulnerabilities. The customer details parameter of the "buyer invoice submit.php" resource does not validate the characters received, and...

CVSS 9.8 · AI score 9.6 · EPSS 0.00672
Exploits 1 · References 5
CNNVD
added 2024/01/04 12:0 a.m. · 6 views

Kashipara Billing Software SQL Injection Vulnerability

Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in Kashipara Billing Software v1.0, which originates when the customerdetails parameter of the buyerinvoicesubmit.php page is processed without filtering the data and sending it to the database...

CVSS 9.8 · AI score 7.9 · EPSS 0.00672
Exploits 1 · References 3