45 matches found
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Name field of the tax rates management section. An attacker can execute arbitrary JavaScript code in an administrator's browser by submitting specially crafted input,...
CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC_ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
EUVD-2024-55338
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...
CVE-2024-58293
CVE-2024-58293 affects Akaunting 3.1.8 with a server-side template injection vulnerability. Authenticated administrators can inject template expressions into multiple form fields (items, taxes, transactions, vendor name), enabling arithmetic operations and string manipulations. Public sources in ...
CVE-2024-58293 Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...
EUVD-2015-9209
Malware in sbrugna...
CVE-2015-9369
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9367
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
Malicious code in taxes-experience (npm)
MAL-2024-3082 Malicious code in taxes-experience (npm)
Akaunting 3.1.8 - Server-Side Template Injection (SSTI) Vulnerability
Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cred and go to : Ite...
Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cre...
Akaunting 3.1.8 Client-Side Template Injection
Exploit Title: Akaunting 3.1.8 - Client Side Template Injection CSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 1 Login with admin cred and go to : Currencies New Currency...
Tax season is here, so are scammers
The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans...
WebFinance SQL Injection Vulnerability
WebFinance is a web application for managing invoices and handling customer contacts. A SQL injection vulnerability exists in WebFinance version 0.5, which stems from a problem with the handling of unknowns in the file htdocs/admin/savetaxes.php, where manipulation of the parameter id can lead to...
PT-2023-10005 · Unknown · Fanzila Webfinance
Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5 Description: A critical issue affects the processing of the file htdocs/admin/save taxes.php, where the manipulation of the id argument leads to sql injection. Recommendations: For fanzila WebFinance version 0.5...
GHSA-MP46-7X6Q-F28M Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled...
Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled...
Cross-site Scripting (XSS) - Stored
Description Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS. 1 Settings Taxes Tax type Proof of Concept Step 1: Access https://demo.microweber.org/?template=dream Step 2: Browse to Settings Taxes Tax type Step 3: Add or Edit current ta...
CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled...