Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 10:50 p.m.4 views

CVE-2026-25594 InvoicePlane has Stored XSS via Family Name in Product Form

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The familyname value is rendered without HTML encoding inside the family dropdown on the...

4.8CVSS5.5AI score0.00214EPSS
Exploits2References2
Patchstack
Patchstack
added 2025/05/20 12:0 a.m.6 views

WordPress Ashley Theme <= 1.7.0 is vulnerable to Local File Inclusion

Software Ashley Type Theme Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID fa01b9d5a6af Credits Bonds Required privilege Unauthenticated Published...

6.3AI score0.00488EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.10 views

WordPress Breakdance Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Breakdance Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6854 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0b7ea50f2b37 Credits Francesco Carlucci Required privilege...

6.4CVSS6.6AI score0.00324EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/10/17 12:0 a.m.4 views

Issuetracker phpBugTracker SQL Injection Vulnerability

Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. A SQL injection vulnerability exists in Issuetracker phpBugTracker before 1.7.0. The vulnerability can be exploited by remote attackers to execut...

9.8CVSS10AI score0.01394EPSS
Exploits0References1
Rows per page
Query Builder