
63 matches found

Cvelist
added 2026/05/21 5:10 p.m., 29 views

CVE-2026-48239 Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tickid POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

CVSS 7.1, EPSS 0.00027
Exploits: 0, References: 3

CNNVD
added 2026/01/18 12:0 a.m., 1 view

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...

CVSS 9.8, AI score 5.9, EPSS 0.00015
Exploits: 0, References: 5

RedhatCVE
added 2026/01/09 10:47 a.m., 2 views

CVE-2022-31974

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports=...

CVSS 7.2, AI score 8.1, EPSS 0.17631
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:18 a.m., 4 views

CVE-2019-18207

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page...

CVSS 5.4, AI score 6.9, EPSS 0.0053
Exploits: 0, References: 1

NVD
added 2026/01/08 6:16 p.m., 1 view

CVE-2026-22587

Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS...

CVSS 5.5, EPSS 0.00049
Exploits: 0, References: 2

CVE
added 2026/01/08 5:9 p.m., 4 views

CVE-2026-22587

Ideagen DevonWay contains a stored cross-site scripting vulnerability in the Reports page. An authenticated remote attacker can craft a payload that executes when another user views the report. Affected software: Ideagen DevonWay (Reports page). Root cause: stored XSS. Impact details are limited ...

CVSS 5.5, AI score 5.6, EPSS 0.00049
Exploits: 0, References: 2

ICS
added 2026/01/08 12:0 a.m., 2 views

Ideagen DevonWay stored XSS

RISK EVALUATION: Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS. 2. RECOMMENDED PRACTICES: Update to 2.62.4 or 2.62...

CVSS 5.5, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 1

Vulnrichment
added 2025/12/21 3:32 a.m., 3 views

CVE-2025-14991 Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting

A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing a manipulation of the argument fromdate can lead to cross site scripting. The attack may be launch...

CVSS 4.8, AI score 3, EPSS 0.00032
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-8009

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.0053
Exploits: 0, References: 2

EUVD
added 2025/10/06 9:32 a.m., 3 views

EUVD-2025-32524

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit ha...

CVSS 6.5, AI score 6.6, EPSS 0.00053
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-21128

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00583
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-32022

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00031
Exploits: 0, References: 2

RedhatCVE
added 2025/10/02 4:51 p.m., 1 view

CVE-2025-20357

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, AI score 6.2, EPSS 0.00031
Exploits: 0, References: 1

NVD
added 2025/10/01 5:15 p.m., 1 view

CVE-2025-20357

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, EPSS 0.00031
Exploits: 0, References: 1

OSV
added 2025/10/01 5:15 p.m., 0 views

CVE-2025-20357

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, AI score 6
Exploits: 0, References: 1

CVE
added 2025/10/01 4:12 p.m., 5 views

CVE-2025-20357

CVE-2025-20357 is a stored XSS vulnerability in Cisco Cyber Vision Center’s web-based management interface. The issue arises from insufficient input validation in the interface, allowing an authenticated attacker with access to the Reports page (valid admin credentials) to inject malicious script...

CVSS 5.4, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/10/01 4:12 p.m., 3 views

CVE-2025-20357 Cisco CyberVision Center Reports Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, EPSS 0.00031
Exploits: 0, References: 1

Vulnrichment
added 2025/10/01 4:12 p.m., 1 view

CVE-2025-20357 Cisco CyberVision Center Reports Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 1

Cisco
added 2025/10/01 4:0 p.m., 6 views

Cisco Cyber Vision Center Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities exist because the web-based management interface of an...

CVSS 5.4, AI score 6.5, EPSS 0.00031
Exploits: 0, References: 1

Positive Technologies
added 2025/10/01 12:0 a.m., 1 view

PT-2025-40267

Name of the Vulnerable Software and Affected Versions: Cisco Cyber Vision Center (affected versions not specified). Description: A flaw exists in the web-based management interface that could allow a remote attacker with valid administrative credentials to perform cross-site scripting (XSS) attacks...

CVSS 5.4, AI score 5.8, EPSS 0.00031
Exploits: 0, References: 4