Lucene search
+L

229 matches found

OSV
OSV
added 2025/06/16 8:15 p.m.5 views

CVE-2025-6136

A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument reciptno leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS5.8AI score0.00387EPSS
Exploits1References5
OSV
OSV
added 2025/05/29 9:15 a.m.5 views

CVE-2025-4670

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eddreceipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user...

5.4CVSS6AI score0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.6 views

CVE-2023-27202

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...

9.8CVSS8.4AI score0.00788EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.5 views

Projectworlds Life Insurance Management System 注入漏洞

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the reciptno parameter and can lead to SQL...

9.8CVSS7.9AI score0.00481EPSS
Exploits1References6
NVD
NVD
added 2025/02/03 3:15 p.m.7 views

CVE-2025-24574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through =...

7.1CVSS0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.6 views

WordPress plugin PeproDev WooCommerce Receipt Uploader 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.1AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.12 views

PT-2025-5415 · Peprodev · Peprodev Woocommerce Receipt Uploader

Name of the Vulnerable Software and Affected Versions: PeproDev WooCommerce Receipt Uploader versions prior to 2.6.9 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This means an attacker can inject...

7.1CVSS6.9AI score0.00271EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/01/29 12:0 a.m.7 views

The vulnerability of the Commerce View Receipt module in the Drupal CMS system, related to deficiencies in the authentication process, allows attackers to circumvent security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Commerce View Receipt module in the Drupal CMS system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

5.3CVSS5.5AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/09 7:4 p.m.2 views

CVE-2024-13257 Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021

Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3...

5.3CVSS6.1AI score0.00279EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.6 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Commerce View Receipt prior to version 1.0.3, which stems from the inclusion of an authorization error vulnerability...

5.3CVSS6.7AI score0.00279EPSS
Exploits0References1
OSV
OSV
added 2024/12/17 12:15 p.m.4 views

CVE-2024-9654

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verifyguestemail' function to ensure the requesting user is the intended recipient of the purchase receipt. This...

3.7CVSS7.3AI score0.00347EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/13 4:12 p.m.3 views

WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...

7.1CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/11/16 3:20 a.m.39 views

CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting

The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/16 3:20 a.m.10 views

CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting

The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS6.4AI score0.00471EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.6 views

WordPress plugin PeproDev WooCommerce Receipt Uploader 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS7.6AI score0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.4 views

PT-2024-16497 · Unknown · Projectworlds Life Insurance Management System

Name of the Vulnerable Software and Affected Versions: Project Worlds Life Insurance Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /editPayment.php. The manipulation of the recipt no argument leads to SQL injection...

9.8CVSS8.8AI score0.00508EPSS
Exploits1References12
Patchstack
Patchstack
added 2024/10/15 3:19 a.m.5 views

WordPress Smart Online Order for Clover plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mooreceiptlink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.7 views

PT-2024-39921 · WordPress · Smart Online Order For Clover

Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's moo receipt link shortcode due to insufficient input sanitization and...

6.4CVSS6.2AI score0.00333EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.7 views

PT-2024-39291 · WordPress · Peprodev Woocommerce Receipt Uploader

Name of the Vulnerable Software and Affected Versions: PeproDev WooCommerce Receipt Uploader plugin for WordPress versions up to, and including, 2.6.9 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This...

6.1CVSS8.6AI score0.00471EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/08/18 2:13 a.m.3 views

SUSE CVE-2023-52889

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SKCTXsk-label is updated in...

5.5CVSS6.3AI score0.00231EPSS
Exploits0References13
Rows per page
Query Builder