4 matches found
EUVD-2026-30268
Stored Cross-Site Scripting XSS in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
CVE-2026-5790
CVE-2026-5790 describes a stored XSS in Stel Order (v3.25.1 and earlier) at the /app/FrontController endpoint, exploitable via the legalName and employeeID parameters. Lack of input sanitization allows injection that is persisted in the database and executed in other users’ browsers, enabling the...
STEL Order 跨站脚本漏洞
STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning of the...
PT-2026-40912
Stored Cross-Site Scripting XSS in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...