Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

OSV
OSVadded 2025/11/12 7:15 p.m.1 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

9.8CVSS5.9AI score0.00108EPSS
Exploits0References3
CVE
CVEadded 2025/11/12 12:0 a.m.9 views

CVE-2025-56385

WellSky Harmony 4.1.0.2.83 has a SQL injection in the login endpoint xmHarmony.asp via the TXTUSERID parameter. The vulnerability arises from insufficient sanitization of user input before it is used in a SQL query, enabling authentication bypass, data leakage, or potential full compromise of bac...

9.8CVSS7.7AI score0.00108EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2025/11/12 12:0 a.m.1 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

7.7AI score0.00108EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/12 12:0 a.m.2 views

WellSky Harmony 安全漏洞

WellSky Harmony is an all-in-one service management platform from WellSky USA. A security vulnerability exists in WellSky Harmony version 4.1.0.2.83, which stems from improper cleanup of the TXTUSERID parameter in the xmHarmony.asp endpoint, which could lead to an SQL injection attack...

9.8CVSS7.7AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/11/12 12:0 a.m.3 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

0.00108EPSS
Exploits0References3
Prion
Prionadded 2015/02/25 10:59 p.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...

4.3CVSS6.1AI score0.00254EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2015/02/25 10:0 p.m.16 views

CVE-2015-2082

Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...

5.7AI score0.00254EPSS
Exploits1References3
CVE
CVEadded 2015/02/25 10:0 p.m.37 views

CVE-2015-2082

UNIT4 Prosoft HRMS contains a cross-site scripting (XSS) vulnerability in the Login.aspx page, exploitable via the txtUserID parameter. Affected versions include PROSOFT HRMS before 8.14.330.43 (and prior versions per CNVD listing 8.14.230.47), with the issue described as allowing remote attacker...

4.3CVSS5.9AI score0.00254EPSS
Exploits1References3Affected Software1
Prion
Prionadded 2010/07/12 1:27 p.m.12 views

Sql injection

Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the 1 txtUserId Username and 2 txtPassword Password parameters. NOTE: some of these details are obtained from third party information...

7.5CVSS9.2AI score0.00132EPSS
Exploits0References4
Rows per page
Query Builder