CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

CVE-2019-11030

Mirasys VMS (before v7.6.1 and before v8.3.2) is affected by CVE-2019-11030 due to insecure deserialization in Mirasys.Common.Utils.Security.DataCrypt within Common.dll (AuditTrailService in SMServer.exe). The vulnerability allows execution of a gadget contained in a serialized object with SYSTEM...