22 matches found
EUVD-2026-29010
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...
CVE-2026-8255
CVE-2026-8255 affects Devs Palace ERP Online up to version 4.0.0, impacting an unknown portion of the file /inventory/add_new_customer. The vulnerability enables cross-site scripting (XSS) through a manipulation of that endpoint, with remote attack capability. The exploitation possibility is supp...
CVE-2026-8255 Devs Palace ERP Online add_new_customer cross site scripting
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...
CVE-2026-8255
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...
Devs Palace ERP Online Cross-Site Scripting Vulnerability
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown portion of the...
CVE-2025-62414
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...
EUVD-2025-34815
bagisto has Cross Site Scripting (XSS) in Create New Customer...
GHSA-R9XJ-MVQF-JM7W bagisto has Cross Site Scripting (XSS) in Create New Customer
Summary: In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to reflected / stored Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later...
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...
CVE-2025-62414
Bagisto v2.3.7 contains a Cross-Site Scripting (XSS) vulnerability in the admin "Create New Customer" form. The issue arises from insufficient sanitization/escaping of input fields, allowing injected JavaScript to execute in an admin or viewer’s browser when customer data is displayed. The vulner...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from insufficient filtering of certain input fields in the Create New Customer functionality, which could lead to a...
CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...
CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...
CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...
GHSA-C38M-9668-6J2W Magento Improper input validation vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
CVE-2021-28585
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
CVE-2021-28585
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
PT-2021-3433 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to improper input validation in the New customer WebAPI, which could allow an attacker to send...