
18 matches found

Cvelist
added 2026/03/25 10:51 p.m. · 18 views

CVE-2026-33912 OpenEMR has reflected XSS in ajax_download.php via reportID parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

CVSS 5.4 · EPSS 0.00022
Exploits: 0 · References: 4

Vulnrichment
added 2026/03/25 10:51 p.m. · 0 views

CVE-2026-33912 OpenEMR has reflected XSS in ajax_download.php via reportID parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

CVSS 5.4 · AI score 5.9 · EPSS 0.00022
Exploits: 0 · References: 4

CVE
added 2026/03/25 10:51 p.m. · 7 views

CVE-2026-33912

OpenEMR prior to 8.0.0.3 is affected by a reflected XSS in ajax_download.php via the reportID parameter. An authenticated attacker could submit a malicious form, causing arbitrary JavaScript to run in the victim’s browser session. Root cause: input in reportID not properly sanitized. Affected pro...

CVSS 5.4 · AI score 5.9 · EPSS 0.00022
Exploits: 0 · References: 4 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-4608

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.02938
Exploits: 5 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-3182

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00311
Exploits: 3 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-53728

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00181
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-15159

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 6.6 · EPSS 0.00086
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/23 7:4 a.m. · 4 views

CVE-2024-57760

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...

CVSS 6.5 · AI score 6.8 · EPSS 0.00181
Exploits: 1 · References: 1

NVD
added 2025/05/15 3:16 p.m. · 11 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

CVSS 5.1 · EPSS 0.00086
Exploits: 1 · References: 2

Vulnrichment
added 2025/01/14 12:0 a.m. · 6 views

CVE-2024-57760

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...

AI score 6.8 · EPSS 0.00181
Exploits: 1 · References: 1

CNNVD
added 2025/01/14 12:0 a.m. · 6 views

JeeWMS security vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS versions prior to v2025.01.01, which stems from a SQL injection vulnerability found via the ReportId parameter in /core/CGReportDao.java...

CVSS 6.5 · AI score 7.8 · EPSS 0.00181
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 5 views

PT-2025-3554 · Jeewms · Jeewms

Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to v2025.01.01 Description: A SQL injection vulnerability was discovered in JeeWMS via the ReportId parameter at /core/CGReportDao.java. This issue allows for potential exploitation. Recommendations: For versions prior t...

CVSS 6.5 · AI score 7 · EPSS 0.00181
Exploits: 1 · References: 7

CVE
added 2025/01/14 12:0 a.m. · 46 views

CVE-2024-57760

CVE-2024-57760 affects JeeWMS prior to v2025.01.01. A SQL injection vulnerability exists via the ReportId parameter at /core/CGReportDao.java. The CVSS 3.1 base score is 6.5 (Confidentiality impact: High; other impacts: None/Not affected). Public documents confirm the issue and affected version r...

CVSS 6.5 · AI score 8.3 · EPSS 0.00181
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/01/14 12:0 a.m. · 7 views

CVE-2024-57760

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...

EPSS 0.00181
Exploits: 1 · References: 1

Prion
added 2019/03/25 7:29 p.m. · 17 views

Cross site scripting

A Reflected Cross Site Scripting XSS vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.02938
Exploits: 5 · References: 2 · Affected Software: 1

NVD
added 2019/03/25 7:29 p.m. · 10 views

CVE-2018-12653

A Reflected Cross Site Scripting XSS vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter...

CVSS 6.1 · AI score 6 · EPSS 0.02938
Exploits: 5 · References: 3

CVE
added 2019/03/25 6:29 p.m. · 60 views

CVE-2018-12653

CVE-2018-12653 affects Adrenalin HRMS/Core HCM 5.4.0. A Reflected Cross-Site Scripting (XSS) exists on the page at RPT/SSRSDynamicEditReports.aspx via the ReportId parameter, where user-supplied input is echoed back in the HTML response. The vulnerability allows an attacker to submit malicious Ja...

CVSS 6.1 · AI score 5.9 · EPSS 0.02938
Exploits: 5 · References: 3 · Affected Software: 1

OSV
added 2018/05/31 6:29 p.m. · 1 views

CVE-2018-11140

The 'reportID' parameter received by the '/common/runreport.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection in particular, an error-based type...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1