Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.12 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.6AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 7:16 p.m.14 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 5:44 p.m.7 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.9AI score0.00261EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/03 5:44 p.m.30 views

CVE-2026-42839

CVE-2026-42839 describes a stored XSS in ERPNext 16.16.0. An authenticated user with Item record edit permissions can persist arbitrary HTML/JavaScript in item_name, description, or image fields, causing unescaped rendering in the POS cart interface for every operator adding that item to a transa...

4.8CVSS5.9AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46043

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user with permissions to edit Item records can inject arbitrary HTML or JavaScript into the item name, description, or image fields of an Item. This leads to unescaped rendering in the Point...

4.8CVSS5.9AI score0.00261EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.7 views

PT-2024-28966

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description The issue is related to a possible FRP Factory Reset Protection bypass due to a missing check for the FRP state in the wifi item edit content of styles.xml. This could lead to local escalatio...

7.8CVSS6.3AI score0.0008EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/01/07 12:0 a.m.4 views

Kashipara Food Management System SQL注入漏洞

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by a lack of validation of the id parameter of the itemeditsubmit.php file against externally entered SQL statements,...

6.5CVSS8.2AI score0.00577EPSS
Exploits1References4
OSV
OSV
added 2016/04/12 4:59 p.m.5 views

ALPINE-CVE-2016-3172

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...

8.8CVSS8.5AI score0.02827EPSS
Exploits1References1
OSV
OSV
added 2016/04/12 4:59 p.m.4 views

DEBIAN-CVE-2016-3172

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...

8.8CVSS8.9AI score0.02827EPSS
Exploits1References1
OSV
OSV
added 2016/04/12 4:59 p.m.5 views

UBUNTU-CVE-2016-3172

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...

8.8CVSS7.7AI score0.02827EPSS
Exploits1References3
Rows per page
Query Builder