Lookup for vulnerable packages by Package URL.

Purl pkg:composer/devcode-it/openstamanager@2.9.3
Type composer
Namespace devcode-it
Name openstamanager
Version 2.9.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.10.2
Latest_non_vulnerable_version 2.10.2
Affected_by_vulnerabilities
0
url VCID-8yfb-n5dh-xbab
vulnerability_id VCID-8yfb-n5dh-xbab
summary OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35470
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02843
published_at 2026-06-12T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02836
published_at 2026-06-11T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04197
published_at 2026-06-13T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.042
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35470
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35470
reference_id CVE-2026-35470
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-35470
2
reference_url https://github.com/advisories/GHSA-mmm5-3g4x-qw39
reference_id GHSA-mmm5-3g4x-qw39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmm5-3g4x-qw39
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39
reference_id GHSA-mmm5-3g4x-qw39
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-07T14:06:23Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39
4
reference_url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
reference_id v2.10.2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-07T14:06:23Z/
url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10.2
purl pkg:composer/devcode-it/openstamanager@2.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10.2
aliases CVE-2026-35470, GHSA-mmm5-3g4x-qw39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8yfb-n5dh-xbab
1
url VCID-9xxa-jz3x-j7f2
vulnerability_id VCID-9xxa-jz3x-j7f2
summary OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET parameter before reflecting it in HTML output. The $_GET['righe'] parameter is directly echoed into the HTML value attribute without any sanitization using htmlspecialchars() or equivalent functions. This allows an attacker to break out of the attribute context and inject arbitrary HTML/JavaScript.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24415
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05695
published_at 2026-06-13T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05686
published_at 2026-06-14T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05703
published_at 2026-06-12T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05677
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24415
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24415
reference_id CVE-2026-24415
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24415
2
reference_url https://github.com/advisories/GHSA-jfgp-g7x7-j25j
reference_id GHSA-jfgp-g7x7-j25j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfgp-g7x7-j25j
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-jfgp-g7x7-j25j
reference_id GHSA-jfgp-g7x7-j25j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T21:17:09Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-jfgp-g7x7-j25j
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.9.8
purl pkg:composer/devcode-it/openstamanager@2.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-9zpu-9n1t-muh1
2
vulnerability VCID-arft-nr1k-6fbe
3
vulnerability VCID-bfeu-e7dd-xfdm
4
vulnerability VCID-c5z8-7azx-4qcj
5
vulnerability VCID-c8hy-uvm2-bfhx
6
vulnerability VCID-kp7s-72jv-cqg9
7
vulnerability VCID-kzsm-amyh-z7h7
8
vulnerability VCID-m5gj-5m2q-fqe6
9
vulnerability VCID-mgj8-uc4s-ebby
10
vulnerability VCID-tyyx-fdu3-k3ce
11
vulnerability VCID-vwa6-3bwc-uqga
12
vulnerability VCID-y5uk-by6v-tbct
13
vulnerability VCID-yy49-aces-uugv
14
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.9.8
aliases CVE-2026-24415, GHSA-jfgp-g7x7-j25j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xxa-jz3x-j7f2
2
url VCID-9zpu-9n1t-muh1
vulnerability_id VCID-9zpu-9n1t-muh1
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69213
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18765
published_at 2026-06-12T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18757
published_at 2026-06-14T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18782
published_at 2026-06-13T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18602
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69213
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69213
reference_id CVE-2025-69213
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69213
2
reference_url https://github.com/advisories/GHSA-w995-ff8h-rppg
reference_id GHSA-w995-ff8h-rppg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w995-ff8h-rppg
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-w995-ff8h-rppg
reference_id GHSA-w995-ff8h-rppg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-04T19:32:28Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-w995-ff8h-rppg
fixed_packages
aliases CVE-2025-69213, GHSA-w995-ff8h-rppg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zpu-9n1t-muh1
3
url VCID-arft-nr1k-6fbe
vulnerability_id VCID-arft-nr1k-6fbe
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69212
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35894
published_at 2026-06-13T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35881
published_at 2026-06-14T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35871
published_at 2026-06-12T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35691
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69212
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69212
reference_id CVE-2025-69212
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69212
2
reference_url https://github.com/advisories/GHSA-25fp-8w8p-mx36
reference_id GHSA-25fp-8w8p-mx36
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25fp-8w8p-mx36
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-25fp-8w8p-mx36
reference_id GHSA-25fp-8w8p-mx36
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:50Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-25fp-8w8p-mx36
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2025-69212, GHSA-25fp-8w8p-mx36
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arft-nr1k-6fbe
4
url VCID-bfeu-e7dd-xfdm
vulnerability_id VCID-bfeu-e7dd-xfdm
summary OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET parameter. The user-supplied value is read from $superselect['stato'] and concatenated directly into SQL WHERE clauses as a bare expression, without any sanitization, parameterization, or allowlist validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including usernames, password hashes, financial records, and any other information stored in the MySQL database. This issue has been patched in version 2.10.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28805
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04389
published_at 2026-06-11T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04376
published_at 2026-06-14T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04393
published_at 2026-06-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04378
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28805
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28805
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28805
2
reference_url https://github.com/devcode-it/openstamanager/commit/50b9089c506ba2ca249afb1dfead2af5d42c10e7
reference_id 50b9089c506ba2ca249afb1dfead2af5d42c10e7
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T18:30:58Z/
url https://github.com/devcode-it/openstamanager/commit/50b9089c506ba2ca249afb1dfead2af5d42c10e7
3
reference_url https://github.com/devcode-it/openstamanager/commit/679c40fa5b3acad4263b537f367c0695ff9666dc
reference_id 679c40fa5b3acad4263b537f367c0695ff9666dc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T18:30:58Z/
url https://github.com/devcode-it/openstamanager/commit/679c40fa5b3acad4263b537f367c0695ff9666dc
4
reference_url https://github.com/advisories/GHSA-3gw8-3mg3-jmpc
reference_id GHSA-3gw8-3mg3-jmpc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gw8-3mg3-jmpc
5
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-3gw8-3mg3-jmpc
reference_id GHSA-3gw8-3mg3-jmpc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T18:30:58Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-3gw8-3mg3-jmpc
6
reference_url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
reference_id v2.10.2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T18:30:58Z/
url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10.2
purl pkg:composer/devcode-it/openstamanager@2.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10.2
aliases CVE-2026-28805, GHSA-3gw8-3mg3-jmpc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfeu-e7dd-xfdm
5
url VCID-c5z8-7azx-4qcj
vulnerability_id VCID-c5z8-7azx-4qcj
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69215
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17828
published_at 2026-06-12T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17819
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17844
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17668
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69215
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69215
reference_id CVE-2025-69215
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69215
2
reference_url https://github.com/advisories/GHSA-qx9p-w3vj-q24q
reference_id GHSA-qx9p-w3vj-q24q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qx9p-w3vj-q24q
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-qx9p-w3vj-q24q
reference_id GHSA-qx9p-w3vj-q24q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T19:31:22Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-qx9p-w3vj-q24q
fixed_packages
aliases CVE-2025-69215, GHSA-qx9p-w3vj-q24q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5z8-7azx-4qcj
6
url VCID-c8hy-uvm2-bfhx
vulnerability_id VCID-c8hy-uvm2-bfhx
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability exists in templates/scadenzario/init.php, where the id_anagrafica parameter is directly concatenated into an SQL query without proper sanitization. The vulnerability enables complete database read access through error-based SQL injection techniques.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69216
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03073
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69216
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69216
reference_id CVE-2025-69216
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69216
2
reference_url https://github.com/advisories/GHSA-q6g3-fv43-m2w6
reference_id GHSA-q6g3-fv43-m2w6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q6g3-fv43-m2w6
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-m2w6
reference_id GHSA-q6g3-fv43-m2w6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:53Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-m2w6
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2025-69216, GHSA-q6g3-fv43-m2w6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8hy-uvm2-bfhx
7
url VCID-h7ex-t99g-pfga
vulnerability_id VCID-h7ex-t99g-pfga
summary OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65103
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01722
published_at 2026-06-12T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01719
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01734
published_at 2026-06-14T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01725
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65103
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65103
reference_id CVE-2025-65103
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65103
2
reference_url https://github.com/advisories/GHSA-2jm2-2p35-rp3j
reference_id GHSA-2jm2-2p35-rp3j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2jm2-2p35-rp3j
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j
reference_id GHSA-2jm2-2p35-rp3j
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.9.5
purl pkg:composer/devcode-it/openstamanager@2.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-9xxa-jz3x-j7f2
2
vulnerability VCID-9zpu-9n1t-muh1
3
vulnerability VCID-arft-nr1k-6fbe
4
vulnerability VCID-bfeu-e7dd-xfdm
5
vulnerability VCID-c5z8-7azx-4qcj
6
vulnerability VCID-c8hy-uvm2-bfhx
7
vulnerability VCID-kp7s-72jv-cqg9
8
vulnerability VCID-kzsm-amyh-z7h7
9
vulnerability VCID-m5gj-5m2q-fqe6
10
vulnerability VCID-mgj8-uc4s-ebby
11
vulnerability VCID-tyyx-fdu3-k3ce
12
vulnerability VCID-vwa6-3bwc-uqga
13
vulnerability VCID-y5uk-by6v-tbct
14
vulnerability VCID-yy49-aces-uugv
15
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.9.5
aliases CVE-2025-65103, GHSA-2jm2-2p35-rp3j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7ex-t99g-pfga
8
url VCID-kp7s-72jv-cqg9
vulnerability_id VCID-kp7s-72jv-cqg9
summary OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before using it in SQL LIKE clauses across multiple module-specific search handlers, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24417
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03073
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24417
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24417
reference_id CVE-2026-24417
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24417
2
reference_url https://github.com/advisories/GHSA-4hc4-8599-xh2h
reference_id GHSA-4hc4-8599-xh2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hc4-8599-xh2h
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4hc4-8599-xh2h
reference_id GHSA-4hc4-8599-xh2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T18:55:27Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4hc4-8599-xh2h
fixed_packages
aliases CVE-2026-24417, GHSA-4hc4-8599-xh2h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp7s-72jv-cqg9
9
url VCID-kzsm-amyh-z7h7
vulnerability_id VCID-kzsm-amyh-z7h7
summary OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize() on the access_token field without any class restriction. This issue has been patched in version 2.10.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29782
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23574
published_at 2026-06-11T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23761
published_at 2026-06-14T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23781
published_at 2026-06-13T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23771
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29782
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29782
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29782
2
reference_url https://github.com/devcode-it/openstamanager/commit/d2e38cbdf91a831cefc0da1548e02b297ae644cc
reference_id d2e38cbdf91a831cefc0da1548e02b297ae644cc
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T19:52:40Z/
url https://github.com/devcode-it/openstamanager/commit/d2e38cbdf91a831cefc0da1548e02b297ae644cc
3
reference_url https://github.com/advisories/GHSA-whv5-4q2f-q68g
reference_id GHSA-whv5-4q2f-q68g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whv5-4q2f-q68g
4
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-whv5-4q2f-q68g
reference_id GHSA-whv5-4q2f-q68g
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T19:52:40Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-whv5-4q2f-q68g
5
reference_url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
reference_id v2.10.2
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T19:52:40Z/
url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10.2
purl pkg:composer/devcode-it/openstamanager@2.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10.2
aliases CVE-2026-29782, GHSA-whv5-4q2f-q68g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzsm-amyh-z7h7
10
url VCID-m5gj-5m2q-fqe6
vulnerability_id VCID-m5gj-5m2q-fqe6
summary OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module. The application fails to validate that elements of the id_records array are integers before using them in an SQL IN() clause, allowing attackers to inject arbitrary SQL commands and extract sensitive data through XPATH error messages.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24418
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03073
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24418
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24418
reference_id CVE-2026-24418
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24418
2
reference_url https://github.com/advisories/GHSA-4xwv-49c8-fvhq
reference_id GHSA-4xwv-49c8-fvhq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xwv-49c8-fvhq
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq
reference_id GHSA-4xwv-49c8-fvhq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T18:47:55Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2026-24418, GHSA-4xwv-49c8-fvhq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5gj-5m2q-fqe6
11
url VCID-mgj8-uc4s-ebby
vulnerability_id VCID-mgj8-uc4s-ebby
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27012
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14682
published_at 2026-06-14T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.1471
published_at 2026-06-13T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14591
published_at 2026-06-11T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14712
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27012
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27012
reference_id CVE-2026-27012
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-27012
2
reference_url https://github.com/advisories/GHSA-247v-7cw6-q57v
reference_id GHSA-247v-7cw6-q57v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-247v-7cw6-q57v
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v
reference_id GHSA-247v-7cw6-q57v
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-04T21:21:23Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2026-27012, GHSA-247v-7cw6-q57v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mgj8-uc4s-ebby
12
url VCID-tyyx-fdu3-k3ce
vulnerability_id VCID-tyyx-fdu3-k3ce
summary OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69214
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05633
published_at 2026-06-12T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05619
published_at 2026-06-14T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05627
published_at 2026-06-13T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05606
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69214
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69214
reference_id CVE-2025-69214
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69214
2
reference_url https://github.com/advisories/GHSA-qjv8-63xq-gq8m
reference_id GHSA-qjv8-63xq-gq8m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjv8-63xq-gq8m
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-qjv8-63xq-gq8m
reference_id GHSA-qjv8-63xq-gq8m
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:52Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-qjv8-63xq-gq8m
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2025-69214, GHSA-qjv8-63xq-gq8m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyyx-fdu3-k3ce
13
url VCID-vwa6-3bwc-uqga
vulnerability_id VCID-vwa6-3bwc-uqga
summary OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo parameter before using it in SQL queries, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24416
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03073
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24416
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24416
reference_id CVE-2026-24416
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24416
2
reference_url https://github.com/advisories/GHSA-p864-fqgv-92q4
reference_id GHSA-p864-fqgv-92q4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p864-fqgv-92q4
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-p864-fqgv-92q4
reference_id GHSA-p864-fqgv-92q4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:55Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-p864-fqgv-92q4
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2026-24416, GHSA-p864-fqgv-92q4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwa6-3bwc-uqga
14
url VCID-y5uk-by6v-tbct
vulnerability_id VCID-y5uk-by6v-tbct
summary OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via POST and executes them directly against the database without any validation, allowlist, or sanitization. An authenticated attacker with access to the Aggiornamenti module can execute arbitrary SQL statements including CREATE, DROP, ALTER, INSERT, UPDATE, DELETE, SELECT INTO OUTFILE, and any other SQL command supported by the MySQL server. Foreign key checks are explicitly disabled before execution (SET FOREIGN_KEY_CHECKS=0), further reducing database integrity protections. This issue has been patched in version 2.10.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35168
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12341
published_at 2026-06-12T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12326
published_at 2026-06-14T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.12347
published_at 2026-06-13T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12247
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35168
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35168
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35168
2
reference_url https://github.com/devcode-it/openstamanager/commit/43970676bcd6636ff8663652fd82579f737abb74
reference_id 43970676bcd6636ff8663652fd82579f737abb74
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T16:19:18Z/
url https://github.com/devcode-it/openstamanager/commit/43970676bcd6636ff8663652fd82579f737abb74
3
reference_url https://github.com/advisories/GHSA-2fr7-cc4f-wh98
reference_id GHSA-2fr7-cc4f-wh98
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2fr7-cc4f-wh98
4
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2fr7-cc4f-wh98
reference_id GHSA-2fr7-cc4f-wh98
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T16:19:18Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2fr7-cc4f-wh98
5
reference_url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
reference_id v2.10.2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T16:19:18Z/
url https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10.2
purl pkg:composer/devcode-it/openstamanager@2.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10.2
aliases CVE-2026-35168, GHSA-2fr7-cc4f-wh98
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uk-by6v-tbct
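The entry above (CVE-2026-35168) describes an endpoint that takes a JSON array of SQL text from the request and runs it as-is. The following is an added illustration, not code from OpenSTAManager or the advisory: it contrasts that pattern with a handler that lets the client choose only from a server-side allowlist of fix identifiers. The schema, the fix keys, the statements in ALLOWED_FIXES and the is_admin flag are all constructed assumptions; SQLite's PRAGMA foreign_keys stands in for MySQL's SET FOREIGN_KEY_CHECKS.

```python
import json
import sqlite3


def make_db():
    # Constructed schema for the demonstration (not the project's real tables).
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE zz_users (id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE zz_settings (nome TEXT, valore TEXT);
        INSERT INTO zz_users VALUES (1, 'admin');
    """)
    return con


# Server-side catalogue of the only schema fixes this endpoint may apply.
# The client references them by key and never supplies SQL text.
# (Hypothetical statements, not the project's real migration fixes.)
ALLOWED_FIXES = {
    "settings_add_sezione": "ALTER TABLE zz_settings ADD COLUMN sezione TEXT",
    "users_username_index":
        "CREATE INDEX IF NOT EXISTS idx_zz_users_username ON zz_users(username)",
}


def vulnerable_resolve(con, body):
    # The pattern the advisory describes: every string in the POSTed JSON
    # array is executed verbatim, after referential checks are switched off.
    statements = json.loads(body)
    con.execute("PRAGMA foreign_keys = OFF")  # analogue of SET FOREIGN_KEY_CHECKS=0
    for sql in statements:
        con.execute(sql)
    return len(statements)


def hardened_resolve(con, body, is_admin):
    # 1. Authorisation: schema maintenance is an administrator-only action.
    if not is_admin:
        raise PermissionError("database maintenance requires an administrator")
    # 2. Shape check: the payload must be a JSON array of identifier strings.
    selected = json.loads(body)
    if not isinstance(selected, list) or not all(isinstance(k, str) for k in selected):
        raise ValueError("expected a JSON array of fix identifiers")
    # 3. Allowlist: reject anything that is not a known key; raw SQL can
    #    never match because the keys are short identifiers, not statements.
    unknown = [k for k in selected if k not in ALLOWED_FIXES]
    if unknown:
        raise ValueError(f"unknown fix identifiers: {unknown}")
    # 4. Keep foreign-key enforcement on and apply the fixes in one
    #    transaction so a failure leaves no half-applied schema change.
    con.execute("PRAGMA foreign_keys = ON")
    with con:
        for key in selected:
            con.execute(ALLOWED_FIXES[key])
    return len(selected)


def table_exists(con, name):
    row = con.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def column_exists(con, table, column):
    # `table` comes from this module's own constants, never from a request;
    # PRAGMA cannot take bound parameters.
    return any(r[1] == column for r in con.execute(f"PRAGMA table_info({table})"))


if __name__ == "__main__":
    con = make_db()
    vulnerable_resolve(con, '["DROP TABLE zz_users"]')
    print("vulnerable handler: zz_users still exists ->", table_exists(con, "zz_users"))
    con = make_db()
    try:
        hardened_resolve(con, '["DROP TABLE zz_users"]', is_admin=True)
    except ValueError as exc:
        print("hardened handler refused:", exc)
    hardened_resolve(con, '["settings_add_sezione"]', is_admin=True)
    print("sezione column added ->", column_exists(con, "zz_settings", "sezione"))
```

The design point is that the conflict-resolution step keeps its usefulness (an administrator can still apply a pending fix) while the SQL text never crosses the trust boundary; the request carries only a choice among statements the server already owns.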
15
url VCID-yy49-aces-uugv
vulnerability_id VCID-yy49-aces-uugv
summary OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The application fails to validate that comma-separated values from the id_documenti GET parameter are integers before using them in SQL IN() clauses, allowing attackers to inject arbitrary SQL commands and extract sensitive data through XPATH error messages.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24419
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-12T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03073
published_at 2026-06-11T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24419
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24419
reference_id CVE-2026-24419
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24419
2
reference_url https://github.com/advisories/GHSA-4j2x-jh4m-fqv6
reference_id GHSA-4j2x-jh4m-fqv6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4j2x-jh4m-fqv6
3
reference_url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4j2x-jh4m-fqv6
reference_id GHSA-4j2x-jh4m-fqv6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-06T18:30:04Z/
url https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4j2x-jh4m-fqv6
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10-beta
purl pkg:composer/devcode-it/openstamanager@2.10-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kp7s-72jv-cqg9
3
vulnerability VCID-kzsm-amyh-z7h7
4
vulnerability VCID-y5uk-by6v-tbct
5
vulnerability VCID-zf18-hsf6-huhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10-beta
aliases CVE-2026-24419, GHSA-4j2x-jh4m-fqv6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy49-aces-uugv
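Two entries above (CVE-2026-24418, the id_records array in the Scadenzario bulk handler, and CVE-2026-24419, the comma-separated id_documenti parameter in Prima Nota add.php) share one root cause: list elements reach an SQL IN() clause without being checked as integers. The following is an added example, not code from OpenSTAManager or the advisories. It shows the unchecked construction beside a hardened version that validates every element and binds it as a parameter, and it accepts both input shapes (a PHP-style array and a comma-separated string). The table and column names, the sample rows and the attacker payload are constructed for the demonstration; SQLite has no extractvalue()/updatexml(), so the payload uses a UNION to show data leaving the intended table rather than the error-based channel the advisories mention.

```python
import re
import sqlite3

ID_RE = re.compile(r"[0-9]+")  # what a well-formed record id looks like


def make_db():
    # Constructed schema and rows (not the project's real tables).
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE co_scadenziario (id INTEGER PRIMARY KEY, descrizione TEXT, importo REAL);
        CREATE TABLE zz_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO co_scadenziario VALUES
            (1, 'Fattura 1', 100.0), (2, 'Fattura 2', 250.0), (3, 'Fattura 3', 75.0);
        INSERT INTO zz_users VALUES (1, 'admin', '$2y$10$constructed-hash');
    """)
    return con


def vulnerable_bulk_select(con, id_records):
    # Mirrors the flaw described above: list elements are joined straight
    # into the IN() list, so any element may contain SQL syntax.
    sql = ("SELECT id, descrizione, importo FROM co_scadenziario "
           "WHERE id IN (" + ",".join(id_records) + ") ORDER BY id")
    return con.execute(sql).fetchall()


def parse_id_list(id_records):
    """Accept a list of strings (id_records[]) or a comma-separated string
    (id_documenti=1,2,3) and return validated integers, rejecting anything
    that is not purely digits."""
    if isinstance(id_records, str):
        id_records = id_records.split(",")
    ids = []
    for raw in id_records:
        raw = raw.strip() if isinstance(raw, str) else raw
        if not isinstance(raw, str) or not ID_RE.fullmatch(raw):
            raise ValueError(f"id list element is not an integer: {raw!r}")
        ids.append(int(raw))
    return ids


def hardened_bulk_select(con, id_records):
    ids = parse_id_list(id_records)
    if not ids:
        return []
    # One placeholder per id; the values travel as bound parameters, so even
    # a validation slip could not change the statement's structure.
    placeholders = ",".join("?" * len(ids))
    sql = (f"SELECT id, descrizione, importo FROM co_scadenziario "
           f"WHERE id IN ({placeholders}) ORDER BY id")
    return con.execute(sql, ids).fetchall()


# Constructed attacker input: the second element closes the IN() list and
# appends a UNION that reads the users table; "--" comments out the rest.
PAYLOAD = ["1", "2) UNION SELECT id, username, password FROM zz_users --"]


def run_demo():
    con = make_db()
    leaked = vulnerable_bulk_select(con, PAYLOAD)
    try:
        hardened_bulk_select(con, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected


if __name__ == "__main__":
    leaked, rejected = run_demo()
    for row in leaked:
        print(row)
    print("hardened version rejected the payload:", rejected)
```

The same check covers both request shapes: a PHP $_POST['id_records'] array arrives as a list, a $_GET['id_documenti'] value as a single comma-separated string, and in either case the only thing that reaches the query is a bound integer.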
16
url VCID-zf18-hsf6-huhu
vulnerability_id VCID-zf18-hsf6-huhu
summary OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-38751
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17991
published_at 2026-06-14T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.18015
published_at 2026-06-13T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.18
published_at 2026-06-12T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17841
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-38751
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-38751
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-38751
2
reference_url https://github.com/advisories/GHSA-rm34-fg4m-39mw
reference_id GHSA-rm34-fg4m-39mw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rm34-fg4m-39mw
3
reference_url https://github.com/devcode-it/openstamanager
reference_id openstamanager
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:15:57Z/
url https://github.com/devcode-it/openstamanager
4
reference_url https://github.com/fuutianyii/poc
reference_id poc
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:15:57Z/
url https://github.com/fuutianyii/poc
fixed_packages
0
url pkg:composer/devcode-it/openstamanager@2.10.1
purl pkg:composer/devcode-it/openstamanager@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8yfb-n5dh-xbab
1
vulnerability VCID-bfeu-e7dd-xfdm
2
vulnerability VCID-kzsm-amyh-z7h7
3
vulnerability VCID-y5uk-by6v-tbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.10.1
aliases CVE-2026-38751, GHSA-rm34-fg4m-39mw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zf18-hsf6-huhu
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/devcode-it/openstamanager@2.9.3