16 matches found
PT-2026-34548
Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.10. Description: An authenticated attacker can store a crafted tag value in user tags to trigger JavaScript execution when a victim opens the list or report view where tags are rendered. This occurs because the renderer...
CVE-2025-63743
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
CVE-2025-63743
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
CVE-2025-12397
A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...
EUVD-2025-44039
A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...
EUVD-2013-3315
Malware in sbrugna...
PT-2025-40354
Name of the Vulnerable Software and Affected Versions: ERPNEXT version 15.67.0. Description: The software contains multiple SQL injection flaws in the /api/method/frappe.desk.reportview.get API endpoint. The order by and group by parameters are susceptible to exploitation. Recommendations: Apply...
📄 Frappe Framework 15.56.1 SQL Injection
Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...
CVE-2023-24086
SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loanbyclass.php?reportView...
SLIMS 9.5.2 Cross Site Scripting Vulnerability
Title: SLIMS-9.5.2 - XSS Reflected - Account Exploit Development: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.5.2 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2 Description:...
HackerOne: Denial of service in report view.
Hello Team! First of all thank you for acknowledging my feature request, I know it will help a lot of users. Description: ========== I just wanted to report a potential vulnerability on the report view functionality. For obvious reasons I'm using my sandboxed team on an alternate account to test...
Progress OpenEdge 11.2 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Progress OpenEdge Directory Traversal Date: 30/10/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.progress.com Software Link: www.progress.com/products/openedge Version: 11.2 Tested on: Windows OS CVE : CVE-2014-8555 T...
PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02 Date: 25 Aug 2014 Exploit Author: Ragha Deepthi K R Vendor Homepage: http://www.posnic.com/ Software Link: http://sourceforge.net/projects/stockmanagement/ Version: 1.02 Tested on:...
CVE-2013-3380
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...
Information disclosure
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...
CVE-2009-2155
Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...