6 matches found
CVE-2026-0585
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. It affects an unknown function of the file /orderview.php in the GET Parameter Handler component. Manipulation of the argument transactionid leads to SQL injection. The attack can be executed...
CVE-2025-55887
A Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55887
CVE-2025-55887 describes a Cross-Site Scripting (XSS) vulnerability in the ARD meal reservation service. The issue is located in the transactionID GET parameter on the transaction confirmation page and is caused by improper input validation and output encoding. Exploitation could allow an attacke...
CVE-2019-5720
includes/db/class.reflinesdb.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the voidtransaction.php filterType parameter...
SmartClient Local File Inclusion Vulnerability
SmartClient is an enterprise Ajax framework that includes a very good UI library, a tool library, client-server data binding and other features. A local file inclusion vulnerability exists in the remote procedure call (RPC) loadFile provided by the console functionality of SmartClient 12.0 at the...
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...