12 matches found

ATTACKERKB
added 2026/05/27 6:37 p.m., 6 views

CVE-2026-42877

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An...

CVSS 5.4 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/04/08 10:30 p.m., 4 views

CVE-2026-5812

CVE-2026-5812 – SourceCodester Pharmacy Product Management System 1.0 : A flaw in add-sales.php (POST Parameter Handler) allows manipulation of the txtqty parameter, triggering business-logic errors. Exploitation can be remote; exploit publicly released. No explicit patch/version details or vendo...

CVSS 5.5 | AI score 5.6 | EPSS 0.00051
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/27 12:0 a.m., 0 views

CVE-2026-30574

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is...

AI score 5.9 | EPSS 0.00055
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-1316

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00329
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/22 4:36 p.m., 5 views

CVE-2020-28956

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

CVSS 5.4 | AI score 6.1 | EPSS 0.00206
Exploits: 1
Exploit DB
added 2023/04/07 12:0 a.m., 233 views

NotrinosERP 0.7 - Authenticated Blind SQL Injection

Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage:...

CVSS 8.8 | AI score 7 | EPSS 0.00872
Exploits: 4
Github Security Blog
added 2023/03/23 9:30 p.m., 42 views

NotrinosERP vulnerable to SQL Injection

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...

CVSS 8.8 | AI score 9.3 | EPSS 0.00872
Exploits: 4 | References: 7 | Affected Software: 1
OSV
added 2021/10/22 8:15 p.m., 1 views

CVE-2020-28956

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

CVSS 5.4 | AI score 6.2 | EPSS 0.00206
Exploits: 1 | References: 1
NVD
added 2021/10/22 8:15 p.m., 6 views

CVE-2020-28956

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

CVSS 5.4 | EPSS 0.00206
Exploits: 1 | References: 1
Prion
added 2021/10/22 8:15 p.m., 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

CVSS 3.5 | AI score 5.5 | EPSS 0.00206
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/10/22 7:20 p.m., 44 views

CVE-2020-28956

SugarCRM has XSS vulnerabilities in the Sales module affecting versions prior to 6.5.18 (per OpenVAS listing SugarCRM

CVSS 5.4 | AI score 5.5 | EPSS 0.00206
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2007/10/01 12:0 a.m., 2 views

PT-2007-6241 · Frontaccounting · Frontaccounting

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path to root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7)...

CVSS 9.3 | AI score 7.9 | EPSS 0.85498
Exploits: 2 | References: 4