Total
29035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3005 | 1 Local Service Search Engine Management System Project | 1 Local Service Search Engine Management System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230349 was assigned to this vulnerability. | |||||
| CVE-2023-2973 | 1 Students Online Internship Timesheet System Project | 1 Students Online Internship Timesheet System | 2024-05-17 | 3.3 LOW | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet Syste 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204. | |||||
| CVE-2023-2925 | 1 Webkul | 1 Krayin Crm | 2024-05-17 | 3.3 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2922 | 1 Comment System Project | 1 Comment System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. | |||||
| CVE-2023-2864 | 1 Online Jewelry Store Project | 1 Online Jewelry Store | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820. | |||||
| CVE-2023-2862 | 1 Sscms | 1 Siteserver Cms | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2826 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2024-05-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | |||||
| CVE-2023-2824 | 1 Dental Clinic Appointment Reservation System Project | 1 Dental Clinic Appointment Reservation System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2822 | 1 Ellucian | 1 Ethos Identity | 2024-05-17 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. | |||||
| CVE-2023-2814 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428. | |||||
| CVE-2023-2768 | 1 Sucms Project | 1 Sucms | 2024-05-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2740 | 1 Guest Management System Project | 1 Guest Management System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160. | |||||
| CVE-2023-2739 | 1 Gira | 2 Gira Home Server, Gira Home Server Firmware | 2024-05-17 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2692 | 1 Ict Laboratory Management System Project | 1 Ict Laboratory Management System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability. | |||||
| CVE-2023-2691 | 1 Personnel Property Equipment System Project | 1 Personnel Property Equipment System | 2024-05-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972. | |||||
| CVE-2023-2678 | 1 File Tracker Manager System Project | 1 File Tracker Manager System | 2024-05-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | |||||
| CVE-2023-2671 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | |||||
| CVE-2023-2667 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | |||||
| CVE-2023-2657 | 1 Online Computer And Laptop Store Project | 1 Online Computer And Laptop Store | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | |||||
| CVE-2023-2565 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172. | |||||