Lucene search
K

7 matches found

CVE
CVE
added 2026/02/18 9:1 p.m.15 views

CVE-2026-24744

InvoicePlane 1.7.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Edit Invoices functionality, where input validation is missing for the invoice_number parameter. Exploitation requires administrator privileges, and the issue can enable unauthorized modification of data, p...

7.5CVSS5.7AI score0.0022EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

CampCodes Complete Online Beauty Parlor Management System 跨站脚本漏洞

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...

4.8CVSS5.5AI score0.00198EPSS
Exploits1References6
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

Beauty Parlour Management System invoices.php file SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CVE
CVE
added 2025/10/07 11:2 p.m.13 views

CVE-2025-11416

The CVE-2025-11416 entry affects PHPGurukul Beauty Parlour Management System version 1.1. A SQL injection is introduced via manipulation of the delid parameter in /admin/invoices.php. Multiple connected sources (CNVD-2025-24775, RH: CVE-2025-11416, CNNVD-202510-871, CVELIST, PT-2025-41197) corrob...

9.8CVSS7.2AI score0.00384EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/14 2:24 a.m.10 views

CVE-2025-42934

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed LF characters into application inputs. This vulnerability has a low impact on the...

4.3CVSS7.1AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.6 views

CVE-2023-32308

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...

9.8CVSS7.9AI score0.00658EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 1:18 p.m.4 views

WordPress VikRentCar Car Rental Management System plugin <= 1.3.2 - Sensitive Data Exposure via Invoices vulnerability

Sensitive Data Exposure via Invoices vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin VikRentCar versions = 1.3.2...

5.9CVSS7AI score0.00554EPSS
Exploits0Affected Software1
Rows per page
Query Builder