6 matches found
CVE-2026-3050
CVE-2026-3050 affects horilla-opensource horilla CRM up to version 1.0.2, specifically the Leads Module’s static/assets/js/global.js. A flaw in an unknown function allows manipulation of the Notes argument to trigger cross-site scripting (XSS) via a remote attack. An exploit has been published. R...
EUVD-2026-7444
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3049
Affected software: horilla-opensource horilla (up to 1.0.2). Vulnerable component/file: Query Parameter Handler, specifically the function get in horilla_generics/global_search.py. Root cause: manipulation of the argument prev_url leads to an open redirect. Impact: remote exploitation possibility...
PT-2024-36673 · Yulio Aleman Jimenez · Smart Shopify Product
Name of the Vulnerable Software and Affected Versions: Yulio Aleman Jimenez Smart Shopify Product versions 1.0.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This vulnerabilit...
PT-2023-27519
Name of the Vulnerable Software and Affected Versions find-exec versions prior to 1.0.3 Description The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview madnest/madzipper is a Wannabe successor of Chumper/Zipper package for Laravel. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and sanitization of filenames. P...