Cross-site Scripting (XSS)
Overview: krayin/laravel-crm is a hand-tailored CRM framework built on some of the hottest open-source technologies, such as Laravel, a PHP framework, and Vue.js, a progressive JavaScript framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the composeMail function...
Comparing instead of Assigning
Overview: froxlor/froxlor is server administration software. Affected versions of this package are vulnerable to Comparing instead of Assigning via improper input validation in the validateFormFieldEmail function. An attacker can achieve root-level command execution by injecting shell...
CVE-2025-66224
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system's sendmail command. Because these...
PT-2025-48365
Name of the Vulnerable Software and Affected Versions: OrangeHRM versions 5.0 through 5.7. Description: OrangeHRM, a human resource management system, contains an input-neutralization flaw in its mail configuration and delivery workflow. User-controlled values are not properly sanitized before being...
important E-Mail Input Field bypassed allowing Account Lockout and Takeover
Dear Ladies and Gentlemen, first of all, thank you for your time and effort in reading my report. While doing the penetration test, my brother Josef Hassan [email protected] and I were able to find an Account Lockout vulnerability by bypassing the input validation of the e-mail address. The process of...