CVE-2026-35009

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in add_note.php via the ticket_id GET parameter. An attacker who is authenticated can craft a URL containing a JavaScript payload in ticket_id, which is then injected into a hidden input VALUE attribute and can execute in the victim...

Dolibarr ERP/CRM 访问控制错误漏洞

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An Access Control Error vulnerability exists in Dolibarr ERP/C...

UBUNTU-CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

PT-2019-14770 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the User Note section of the note.php file. This allows a user without privileges to inject a script, potentially attacking the admin. Recommendations: For Dolibarr versio...

Eventum Cross-Site Scripting Vulnerability

Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/postnote.php file in Eventum version 3.5.0. The vulnerability stems from a lack of proper validation of client-si...