CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

CVE-2021-47907

Rocket LMS 1.1 is affected by a persistent cross-site scripting (XSS) vulnerability in the support ticket module. The issue arises from the title parameter, allowing authenticated users to inject HTML/JavaScript payloads that can execute in the browsers of other users viewing the message history,...

CVE-2021-47907

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...

CVE-2016-10763

The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...

CVE-2016-10969

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...

PT-2025-43906

Name of the Vulnerable Software and Affected Versions Axosoft Scrum and Bug Tracking version 22.1.1.11545 Description A flaw exists in Axosoft Scrum and Bug Tracking that allows for CSV injection. The issue is located in the Edit Ticket Page component, specifically through manipulation of the Tit...

EUVD-2018-10597

Malware in sbrugna...

EUVD-2016-1757

Malware in sbrugna...

EUVD-2016-1960

Malware in sbrugna...

PT-2024-21916 · Leantime · Leantime

Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: A Cross-Site Scripting issue exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets. This stored XSS issue c...

CVE-2019-13081

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...

Design/Logic Flaw

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...

CVE-2016-10763

The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...

CVE-2016-10763

The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...

Cross site scripting

Helpy v2.1.0 has Stored XSS via the Ticket title...

CVE-2018-18886

Helpy v2.1.0 is affected by a Stored XSS vulnerability in the Ticket title field. The issue is documented across multiple sources (CVE-2018-18886) and, per CNVD, stems from insufficient validation of client-side data, enabling an attacker to execute client-side code. This is a user-input based XS...

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...