10 matches found
EUVD-2026-36647
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
EUVD-2025-84352
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'firstname' in '/clients/savecontact/'...
CVE-2025-41106
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'firstname' in '/clients/savecontact/'...
CVE-2025-41106 Multiple vulnerabilities in Fairsketch's RISE CRM Framework
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'firstname' in '/clients/savecontact/'...
CVE-2025-41106
An HTML injection flaw is present in Fairsketch’s RISE CRM Framework v3.8.1 (CVE-2025-41106). The root cause is insufficient validation of user input, enabling HTML code injection via a POST to /clients/save_contact/ with the first_name parameter. Affected product: Fairsketch RISE CRM Framework; ...
PT-2025-46334
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first name' in '/clients/save contact/'...
Fairsketch RISE CRM Framework 跨站脚本漏洞
FairSketch Fairsketch RISE CRM Framework is a team management and customer relationship management framework from FairSketch, Inc. A cross-site scripting vulnerability exists in Fairsketch RISE CRM Framework version 3.8.1, which stems from insufficient validation of user input for the parameter...
PT-2023-10007 · Unknown · Fanzila Webfinance
Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5 Description: A critical issue was found in the file htdocs/prospection/save contact.php, where the manipulation of the arguments nom, prenom, email, tel, mobile, client, fonction, and note leads to sql injection...
CVE-2022-1075
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=savecontact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched...
Sourcecodester Simple College Website跨站脚本漏洞
Sourcecodester Simple College Website is Sourcecodester an open source application . A content management system. A security vulnerability exists in College Website Management System 1.0, which can be exploited by a remote attacker via the file /cwms/classes/Master.php?f=savecontact of the...