7 matches found
CVE-2026-24744
InvoicePlane 1.7.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Edit Invoices functionality, where input validation is missing for the invoice_number parameter. Exploitation requires administrator privileges, and the issue can enable unauthorized modification of data, p...
CampCodes Complete Online Beauty Parlor Management System 跨站脚本漏洞
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...
Beauty Parlour Management System invoices.php file SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...
CVE-2025-11416
The CVE-2025-11416 entry affects PHPGurukul Beauty Parlour Management System version 1.1. A SQL injection is introduced via manipulation of the delid parameter in /admin/invoices.php. Multiple connected sources (CNVD-2025-24775, RH: CVE-2025-11416, CNNVD-202510-871, CVELIST, PT-2025-41197) corrob...
CVE-2025-42934
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed LF characters into application inputs. This vulnerability has a low impact on the...
CVE-2023-32308
anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...
WordPress VikRentCar Car Rental Management System plugin <= 1.3.2 - Sensitive Data Exposure via Invoices vulnerability
Sensitive Data Exposure via Invoices vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin VikRentCar versions = 1.3.2...