4328 matches found
EUVD-2025-35802
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
CVE-2025-49954
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through = 0.7.3...
CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-10047
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...
Request Tracker Security Vulnerability
Request Tracker is an issue and work order tracking system from Request Tracker, Inc. A security vulnerability exists in Request Tracker. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...
[SECURITY] [DSA 6032-1] request-tracker4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...
[SECURITY] [DSA 6031-1] request-tracker5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...
[SECURITY] [DSA 6030-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6030-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...
EUVD-2025-35507
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through = 0.7.3...
CVE-2025-49954
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through = 0.7.3...
CVE-2025-49954 WordPress WP-Click-Tracker Plugin <= 0.7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through = 0.7.3...
CVE-2025-49954 WordPress WP-Click-Tracker Plugin <= 0.7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through = 0.7.3...
CVE-2025-49954
CVE-2025-49954 concerns the WordPress WP-Click-Tracker plugin (versions up to 0.7.3). The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Affected component is the plugin’s web page creation logic; impact is potential execution of script in a user’s...
CVE-2025-10047
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...
CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...
CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...
CVE-2025-10047
CVE-2025-10047 refers to a SQL Injection vulnerability in the WordPress plugin Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails . The issue exists in all versions up to and including 5.3.12 and stems from insufficient escaping of the user-sup...
PT-2025-45645
Name of the Vulnerable Software and Affected Versions Request Tracker versions prior to 4.4.4+dfsg-2+deb11u5 Request Tracker versions prior to 4.4.6+dfsg-1.1+deb12u3 Request Tracker versions prior to 5.0.3+dfsg-3deb12u4 Request Tracker versions prior to 5.0.7+dfsg-4+deb13u1 Description Request...
WordPress plugin Email Tracker SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...