Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42071

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Oct, 2022 | 00:00
Updated At-14 May, 2025 | 14:27
Rejected At-
Credits

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Oct, 2022 | 00:00
Updated At:14 May, 2025 | 14:27
Rejected At:
▼CVE Numbering Authority (CNA)

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
N/A
https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
N/A
Hyperlink: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
x_transferred
https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
x_transferred
Hyperlink: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
Resource:
x_transferred
Hyperlink: https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Oct, 2022 | 15:16
Updated At:14 May, 2025 | 15:15

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches
oretnom23
oretnom23
>>online_birth_certificate_management_system>>1.0
cpe:2.3:a:oretnom23:online_birth_certificate_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.htmlcve@mitre.org
Product
https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.htmlaf854a3a-2127-422b-91ae-364da2661108
Product
Hyperlink: https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

10472Records found
CVE-2024-4922
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 01:00
Updated-10 Feb, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Image Stack Website cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264459.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-simple_image_stack_websiteSimple Image Stack Website
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40683
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 12:12
Updated-04 Aug, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.

Action-Not Available
Vendor-Human Resource Management Systemoretnom23
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40684
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 12:12
Updated-04 Aug, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.

Action-Not Available
Vendor-Human Resource Management Systemoretnom23
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40685
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 12:12
Updated-04 Aug, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.

Action-Not Available
Vendor-Human Resource Management Systemoretnom23
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40729
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 08:30
Updated-09 Oct, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Customer Support System

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

Action-Not Available
Vendor-Customer Support Systemoretnom23
Product-customer_support_systemCustomer Support System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40686
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 12:12
Updated-04 Aug, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php.

Action-Not Available
Vendor-Human Resource Management Systemoretnom23
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46089
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 00:00
Updated-24 Apr, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-online_flight_booking_management_systemn/aonline_flight_booking_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45218
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.65%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.

Action-Not Available
Vendor-n/aoretnom23
Product-human_resource_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46088
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 30.20%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 00:00
Updated-08 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form.

Action-Not Available
Vendor-n/aoretnom23
Product-online_flight_booking_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43317
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.36% / 57.99%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Action-Not Available
Vendor-n/aoretnom23
Product-human_resource_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-3702
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.91%
||
7 Day CHG+0.01%
Published-08 Mar, 2026 | 04:02
Updated-10 Mar, 2026 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Loan Management System index.php cross site scripting

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-loan_management_systemLoan Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-3581
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.26% / 49.08%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Cashier Queuing System Cashiers Tab cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-cashier_queuing_systemCashier Queuing System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3580
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.37% / 58.94%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Cashier Queuing System User Creation cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-cashier_queuing_systemCashier Queuing System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36251
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.03%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 00:37
Updated-07 Sep, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.

Action-Not Available
Vendor-n/aoretnom23
Product-clinic\'s_patient_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-2869
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.53% / 67.24%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 10:49
Updated-15 Oct, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manage_user.php.

Action-Not Available
Vendor-Clinic Queuing Systemoretnom23
Product-clinic_queuing_systemClinic Queuing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-2868
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.43% / 62.63%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 10:48
Updated-15 Oct, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php.

Action-Not Available
Vendor-Clinic Queuing Systemoretnom23
Product-clinic_queuing_systemClinic Queuing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-2870
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.37% / 58.94%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 10:49
Updated-15 Oct, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patient_side.php.

Action-Not Available
Vendor-Clinic Queuing Systemoretnom23
Product-clinic_queuing_systemClinic Queuing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-2159
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2026 | 15:32
Updated-23 Feb, 2026 | 09:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_responsive_tourism_websiteSimple Responsive Tourism Website
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-2160
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.47%
||
7 Day CHG~0.00%
Published-08 Feb, 2026 | 15:32
Updated-23 Feb, 2026 | 09:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_responsive_tourism_websiteSimple Responsive Tourism Website
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-3015
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.22% / 45.06%
||
7 Day CHG~0.00%
Published-27 Aug, 2022 | 09:05
Updated-15 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oretnom23 Fast Food Ordering System cross site scripting

A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.

Action-Not Available
Vendor-fast_food_ordering_system_projectoretnom23
Product-fast_food_ordering_systemFast Food Ordering System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8582
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.23%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 22:00
Updated-10 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System index.php cross site scripting

A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-26644
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.84%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 22:51
Updated-16 Dec, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.

Action-Not Available
Vendor-n/aoretnom23
Product-banking_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8951
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.79%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 20:00
Updated-23 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Resort Reservation System manage_fee.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-resort_reservation_systemResort Reservation Systemresort_reservation_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8604
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 16:00
Updated-30 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49973
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 61.41%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 00:00
Updated-15 Jan, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.

Action-Not Available
Vendor-n/aoretnom23
Product-customer_support_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9300
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.07%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 14:31
Updated-01 Oct, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Railway Reservation System Message Us Form contact_us.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contact_us.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-railway_reservation_systemOnline Railway Reservation Systemonline_railway_reservation_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7359
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.88%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 16:31
Updated-09 Aug, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Tracking Monitoring Management System ajax.php cross site scripting

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273338 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-tracking_monitoring_management_systemTracking Monitoring Management Systemtracking_monitoring_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7929
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.17% / 38.17%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 21:31
Updated-21 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Forum Website Signup Page registration.php cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_forum_websiteSimple Forum Websitesimple_forum_website
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7752
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.55%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:31
Updated-19 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinics Patient Management System update_medicine.php cross site scripting

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic\'s_patient_management_systemClinics Patient Management Systemclinics_patient_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7678
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 12:31
Updated-15 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System Master.php cross site scripting

A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_package. The manipulation of the argument name/description/training_duration leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7677
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.88%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 10:31
Updated-15 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System SystemSettings.php update_settings_info cross site scripting

A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument contact/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7218
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.55%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 05:00
Updated-29 Sep, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Campcodes School Log Management System ajax.php cross site scripting

A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodesterCampCodesoretnom23
Product-school_log_management_systemSchool Log Management Systemschool_log_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-43141
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.99%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 18:40
Updated-24 Feb, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_subscription_websiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5437
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 23:31
Updated-09 Dec, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266442 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6273
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 41.72%
||
7 Day CHG~0.00%
Published-23 Jun, 2024 | 22:00
Updated-06 Sep, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269485 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic_queuing_systemClinic Queuing Systemclinic_queuing_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6212
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.81%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 00:00
Updated-30 Aug, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System student_form.php get_student cross site scripting

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5897
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 41.06%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:00
Updated-23 Aug, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System cross site scripting

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268141 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5121
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 06:31
Updated-10 Feb, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System cross site scripting

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265201 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5123
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 22.71%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 07:31
Updated-10 Feb, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265203.

Action-Not Available
Vendor-event_registration_system_projectSourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23022
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.03%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 00:00
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php.

Action-Not Available
Vendor-n/aoretnom23
Product-employees_payroll_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35582
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 67.17%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 19:40
Updated-11 Apr, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-computer_laboratory_management_systemn/alaboratory_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2100
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.24% / 47.79%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 12:31
Updated-02 Aug, 2024 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Vehicle Service Management System index.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-vehicle_service_management_systemVehicle Service Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33304
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 26.77%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 00:00
Updated-22 Apr, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-product_show_room_siten/aproduct_show_room
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3377
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-06 Apr, 2024 | 12:00
Updated-17 Jan, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System cross site scripting

A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-computer_laboratory_management_systemn/acomputer_laboratory_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31651
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 00:00
Updated-20 Jun, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

Action-Not Available
Vendor-n/acosmetics_and_beauty_product_online_store_projectoretnom23
Product-cosmetics_and_beauty_product_online_storen/acosmetics_and_beauty_product_online_store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25551
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 00:00
Updated-16 Apr, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_student_attendance_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2145
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.19% / 40.54%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 14:00
Updated-22 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Mobile Management Store update-tracker.php cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_mobile_store_management_systemOnline Mobile Management Storeonline_mobile_management_store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2146
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.17% / 37.63%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 14:31
Updated-20 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Mobile Management Store ?p=products cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_mobile_store_management_systemOnline Mobile Management Storeonline_mobile_management_store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1834
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 20:00
Updated-06 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 209
  • 210
  • Next
Details not found