131 matches found
CVE-2026-30568
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in in the viewpurchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2026-30570
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewsales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
PT-2026-28409
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Inventory System 1.0 in in the view purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2026-30570
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewsales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2026-30568
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in in the viewpurchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2026-30571
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2026-30569
CVE-2026-30569 affects SourceCodester Sales and Inventory System 1.0. The flaw is a reflected XSS in view_stock_availability.php triggered through the limit parameter, with the app failing to sanitize input. This enables an attacker to inject arbitrary script/HTML via a crafted URL. CVSSv3.1 base...
CVE-2026-30571
CVE-2026-30571 affects SourceCodester Sales and Inventory System 1.0, specifically the view_category.php file where the limit parameter is not sanitized, enabling a reflected XSS. An attacker can craft a URL to inject arbitrary web script/HTML, which would execute in a victim’s browser. The explo...
CVE-2026-30568
CVE-2026-30568 describes a reflected XSS in SourceCodester Sales and Inventory System 1.0, arising from the view_purchase.php file via the limiter parameter. The input is not properly sanitized, enabling arbitrary script/HTML injection when a crafted URL is accessed. Connected sources consistentl...
CVE-2026-30567
CVE-2026-30567 describes a reflected XSS in SourceCodester Sales and Inventory System 1.0, specifically in the view_product.php script via the input parameter “limit.” The root cause is lack of input sanitization, allowing an attacker to inject arbitrary script or HTML through a crafted URL. The ...
PT-2026-28410
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view stock availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script o...
SourceCodester Inventory System 跨站脚本漏洞
The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the limit parameter in the viewproduct.php file,...
CVE-2026-30570
CVE-2026-30570 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is a Reflected Cross-Site Scripting (XSS) in view_sales.php via the limit parameter, where input is not sanitized, allowing remote attackers to inject arbitrary web scripts or HTML through a crafted URL. Conne...
EUVD-2025-204678
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
PT-2025-49338
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotiv limit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2005-3407
Malware in sbrugna...
EUVD-2008-0506
Malware in sbrugna...
EUVD-2018-11247
Malware in sbrugna...
EUVD-2024-53492
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-22293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter. CVE-2022-22293 Note that Nessus relies on the...