Lucene search
K

4 matches found

Cvelist
Cvelist
added last week32 views

CVE-2026-53641 FOSSBilling has stored XSS in client email views via unescaped content in JavaScript template literal

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-53641

FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56010

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description An unauthenticated payment bypass exists in the IPN callback endpoint /ipn.php. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the...

9.2CVSS6.1AI score0.00184EPSS
Exploits0References5
CVE
CVE
added 2025/10/14 12:0 a.m.14 views

CVE-2025-60536

The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...

7.5CVSS6.4AI score0.00585EPSS
Exploits0References3
Rows per page
Query Builder