15 matches found
CVE-2026-34241
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered...
PT-2026-42017
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: A Stored Cross-Site Scripting (XSS) issue exists in the ticket reply notification system. Unsanitized content from the $newmessage variable is stored in database notification payloads and rendered...
WordPress Awesome Support plugin <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Awesome Support versions <= 6.3.7...
EUVD-2025-203188
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-14581 HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...
PT-2025-51050
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit form reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress HAPPY – Helpdesk Support Ticket System plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin HAPPY versions <= 1.0.9...
EUVD-2020-2953
Malware in sbrugna...
EUVD-2022-39790
Malicious code in bioql PyPI...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload under the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the vi...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload under the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the vi...
Cross site scripting
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload under the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the vi...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload under the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the vi...
CVE-2020-10500
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request...
PT-2020-12170 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9. Description: The issue allows attackers to reply to any ticket, given the id, via a crafted request to the "admin/reply-ticket.php" endpoint. This is made possible by a CSRF weakness in the...