334 matches found
SourceCodester Sales and Inventory System 安全漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter msg i...
CVE-2026-30557
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcategory.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
PT-2026-29044
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...
CVE-2026-30560
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30560
SourceCodester Sales and Inventory System 1.0 contains a Reflected XSS in add_supplier.php through the msg parameter. The app does not sanitize input, allowing an attacker to craft a URL that injects arbitrary script/HTML. No exploitation details or patches are provided in the documents. Practica...
PT-2026-29053
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
CVE-2026-30561
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addpurchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30562
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addstock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...
CVE-2026-30556
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
PT-2026-29039
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...
CVE-2026-30561
CVE-2026-30561 is a reflected XSS in SourceCodester Sales and Inventory System 1.0, triggered in add_purchase.php via the msg parameter. The input is not properly sanitized, allowing an attacker to craft a URL that injects arbitrary script/HTML when viewed by a victim. The connected documents con...
CVE-2026-30560
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30559
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...
PT-2026-29040
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...
CVE-2026-30556
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
CVE-2021-27940
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter...
CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...
CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...
CVE-2026-23066
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue If rxrpcrecvmsg fails because MSGDONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locked, it requeues the call - whether or not the call is alrea...
GHSA-GM8Q-M8MV-JJ5M Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
A Path Traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...