13 matches found
CVE-2018-25174
ABC ERP 0.6.4 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to modify administrator credentials by submitting forged requests to _configurar_perfil.php. The exploit can craft requests containing parameters such as usuario, contrasena1, contrasena2, nombr...
CVE-2025-60314
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...
CVE-2025-60314
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...
CVE-2025-60314
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...
EUVD-2018-4249
Malware in sbrugna...
CVE-2025-40677
SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”...
CVE-2025-40677 SQL injection vulnerability in Summar Software´s Portal del Empleado
SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”...
Ximdex cross-site scripting vulnerability (CNVD-2018-14422)
Ximdex is a content and data management system. The system includes features such as an intelligent search engine, information aggregation, image and text recognition, etc. The DMS component is one of the data management components. A cross-site scripting vulnerability exists in the /edit URI of...
CVE-2018-12273
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...
Cross site scripting
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...
CVE-2018-12273
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...
CVE-2018-12273
The CVE-2018-12273 entry affects Ximdex 4.0, specifically the DMS component. The vulnerability is in the /edit URI and allows cross-site scripting via the Ciudad or Nombre parameter. The issue is documented across multiple feeds (NVD, CNVD, OSV, Red Hat, etc.). The CVSS data indicate a network-ba...
CVE-2018-6792
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...