CVE-2023-47622: Multiple Reflected Cross-Site Scripting Vulnerabilities in IT Service Management platform iTop
Reflected XSS in Combodo iTop's render endpoint allows arbitrary JavaScript execution via multiple query parameters.
Security Advisories
CVE-2021-41434: Stored Cross-Site Scripting Vulnerability in Expense Management System by EGavilan Media
Stored XSS in EGavilan Media's Expense Management System allows arbitrary JavaScript execution via expense description.
CVE-2021-41433: Authentication Bypass in Resumes Management by EGavilan Media
Unauthenticated SQL injection vulnerability in EGavilan Media's Job App allows login bypass.
CVE-2021-41432: Stored Cross-Site Scripting Vulnerability in the Blog Content in FlatPress
Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content.
CVE-2021-37413: Authentication Bypass in Content Management System Provided by GRANDCOM, s.r.o.
Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.