Security Risk Category
web-application Security Risks
Published vulnerability pages connected to web-application. One risk can appear in multiple categories while keeping one canonical page.
web-application risks
Showing 6 of 6 published risks.
ValeApp Stored Cross-Site Scripting Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Updated Jul 10, 2026
HCL DevOps Deploy Permissive CORS Vulnerability
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Updated Jul 10, 2026
BiEticaret Reflected Cross-Site Scripting Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57.
Updated Jul 10, 2026
BiEticaret SQL Injection Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57.
Updated Jul 10, 2026
SOPlanning Audit Retention SQL Injection Vulnerability
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user). This issue was fixed in version 1.56.01.
Updated Jul 10, 2026
OKRs & Goals Stored Cross-Site Scripting Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398.
Updated Jul 10, 2026
