11 matches found
CVE-2025-52203
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...
CVE-2025-52203
Summary: CVE-2025-52203 affects DevaslanPHP project-management v1.2.4 with a stored XSS in the Ticket Name field. An authenticated attacker can inject JavaScript, which is stored in the database and executes in a user’s browser context when they log in and are redirected to the Dashboard. The iss...
PT-2025-31555 · Unknown · Devaslanphp Project-Management
Name of the Vulnerable Software and Affected Versions: DevaslanPHP project-management version 1.2.4
Description: A stored cross-site scripting (XSS) issue exists in DevaslanPHP project-management version 1.2.4. The vulnerability is located in the Ticket Name field, which does not properly sanitize...
Exploit for Cross-site Scripting in Devaslanphp Project_Management
Exploit Title: Project Management - Stored XSS Google Do...
SUSE CVE-2015-8036
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handl...
VulnCheck KEV: CVE-2017-14321
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket...
CVE-2015-3883
Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) searchkeywords parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task na...
ARM mbed TLS Heap Buffer Overflow Vulnerability
ARM mbed TLS (formerly PolarSSL) is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A heap buffer overflow vulnerability exists in ARM mbed TLS versions 1.3.x prior to 1.3.14 and 2.x prior to 2.1.2, which stems from a failure to perform proper...