Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56924 | 1 Codeastro | 1 Internet Banking System | 2025-08-04 | N/A | 7.3 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts. | |||||
| CVE-2025-29017 | 1 Codeastro | 1 Internet Banking System | 2025-04-30 | N/A | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. | |||||
| CVE-2025-29018 | 1 Codeastro | 1 Internet Banking System | 2025-04-28 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | |||||
| CVE-2025-29015 | 1 Codeastro | 1 Internet Banking System | 2025-04-21 | N/A | 6.1 MEDIUM |
| Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. | |||||