18 matches found
📄 OpenSTAManager 2.9.8 Cross Site Scripting
OpenSTAManager versions 2.9.8 and below suffer from a cross site scripting vulnerability in modificaiva.php via the righe parameter. CVE-2026-24415: OpenSTAManager Affected by XSS in modificaiva.php via righe parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24415 | | Severity ...
Exploit for Cross-site Scripting in Devcode Openstamanager
CVE-2026-24415: OpenSTAManager Affected by XSS in modificaiva...
CVE-2026-35470
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
CVE-2026-35470 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
EUVD-2026-19428
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
CVE-2026-35470
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
CVE-2026-35470 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
CVE-2026-35470
OpenSTAManager
SQL Injection
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection in the righe parameter of the confrontarighe process. An attacker can extract sensitive database information, modify or...
CVE-2026-24415
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
CVE-2026-24415
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
EUVD-2026-9326
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
CVE-2026-24415
CVE-2026-24415 affects OpenSTAManager v2.9.8 and earlier, exposing multiple modules (contratti, preventivi, fatture, ddt, ordini, interventi) to Reflected XSS via the GET parameter righe in the modifica_iva.php modals. The vulnerability echoes $_GET['righe'] directly into HTML value attributes wi...
GHSA-JFGP-G7X7-J25J OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
Summary Multiple Reflected Cross-Site Scripting XSS vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users' browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and...
Cross-site Scripting (XSS)
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unchecked reflection of the righe GET parameter in the modificaiva.php modals for the contracts, quote...
OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
Summary Multiple Reflected Cross-Site Scripting XSS vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users' browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and...