4 matches found
CVE-2026-25594 InvoicePlane has Stored XSS via Family Name in Product Form
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The familyname value is rendered without HTML encoding inside the family dropdown on the...
WordPress Ashley Theme <= 1.7.0 is vulnerable to Local File Inclusion
Software Ashley Type Theme Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID fa01b9d5a6af Credits Bonds Required privilege Unauthenticated Published...
WordPress Breakdance Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Breakdance Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6854 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0b7ea50f2b37 Credits Francesco Carlucci Required privilege...
Issuetracker phpBugTracker SQL Injection Vulnerability
Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. A SQL injection vulnerability exists in Issuetracker phpBugTracker before 1.7.0. The vulnerability can be exploited by remote attackers to execut...