CVE-2026-8629

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...

CVE-2026-5325

CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...

CVE-2025-40977 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

CVE-2025-40977 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

PT-2026-1800

Name of the Vulnerable Software and Affected Versions WorkDo eCommerceGo affected versions not specified Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /store-ticket API...

WorkDo HRMGo 跨站脚本漏洞

WorkDo HRMGo is a human resource management platform from WorkDo Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the subject and description parameters when sending a POST request to /store-ticket,...

CVE-2023-53935

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

EUVD-2025-204350

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

CVE-2023-53935

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

PT-2025-52314

Name of the Vulnerable Software and Affected Versions WBiz Desk version 1.2 Description A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQ...

PT-2024-30136 · Unknown · Kashipara Bus Ticket Reservation System

Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 0 Description: The issue concerns Incorrect Access Control, allowing unauthorized actions via the "/deleteTicket.php" API endpoint. This enables unauthorized booking deletions due to broken...

Kashipara Bus Ticket Reservation System 安全漏洞

Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from /deleteTicket.php not adequately verifying that the request comes from a trusted user, and can be...

PT-2024-21915 · Leantime · Leantime

Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: The issue allows for HTML Injection via the /dashboard/show/tickets/newTicket API endpoint. Recommendations: For Leantime version 3.0.6, update to a version that fixes this issue, however at the moment, the...

CVE-2023-49970

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...

PT-2024-20896 · Unknown · Phpgurukul Zoo Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 1.0 Description: The issue is related to a SQL Injection vulnerability in the /zms/admin/edit-ticket.php file. This vulnerability can be exploited via the tickettype and tprice parameters...

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

CVE-2023-3834

A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be...

PT-2023-26340 · Unknown · Bug Finder Listplace Directory Listing Platform

Name of the Vulnerable Software and Affected Versions: Bug Finder Listplace Directory Listing Platform version 3.0 Description: A vulnerability was found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /listplace/user/ticket/create. The...