Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9414

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-25 May, 2026 | 01:30
Updated At-25 May, 2026 | 01:30
Rejected At-
Credits

SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer_name results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:25 May, 2026 | 01:30
Updated At:25 May, 2026 | 01:30
Rejected At:
â–¼CVE Numbering Authority (CNA)
SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer_name results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Indian Invoicing System
CPEs
  • cpe:2.3:a:sourcecodester:indian_invoicing_system:*:*:*:*:*:*:*:*
Modules
  • Invoice Template Render Database-Backed
Versions
Affected
  • 0.*
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-79Cross Site Scripting
CWECWE-94Code Injection
Type: CWE
CWE ID: CWE-79
Description: Cross Site Scripting
Type: CWE
CWE ID: CWE-94
Description: Code Injection
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.03.5LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.04.0N/A
AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 2.0
Base score: 4.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
c4ttr4ck (VulDB User)
Timeline
EventDate
Advisory disclosed2026-05-24 00:00:00
VulDB entry created2026-05-24 02:00:00
VulDB entry last update2026-05-24 08:43:46
Event: Advisory disclosed
Date: 2026-05-24 00:00:00
Event: VulDB entry created
Date: 2026-05-24 02:00:00
Event: VulDB entry last update
Date: 2026-05-24 08:43:46
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/365395
vdb-entry
technical-description
https://vuldb.com/vuln/365395/cti
signature
permissions-required
https://vuldb.com/submit/813610
third-party-advisory
https://gist.github.com/c4ttr4ck/97c5babe1f16fa3243333528a40b7550
exploit
https://www.sourcecodester.com/
product
Hyperlink: https://vuldb.com/vuln/365395
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/365395/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/813610
Resource:
third-party-advisory
Hyperlink: https://gist.github.com/c4ttr4ck/97c5babe1f16fa3243333528a40b7550
Resource:
exploit
Hyperlink: https://www.sourcecodester.com/
Resource:
product
Information is not available yet

Similar CVEs

688Records found
CVE-2026-5325
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 07:00
Updated-27 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-SourceCodester
Product-Simple Customer Relationship Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-7390
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 15:45
Updated-29 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Pharmacy Sales and Inventory System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5810
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 22:00
Updated-24 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Sales and Inventory System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4973
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 1.81%
||
7 Day CHG-0.02%
Published-27 Mar, 2026 | 19:52
Updated-24 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Quiz System add-question.php cross site scripting

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Quiz System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-3766
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 20:02
Updated-10 Mar, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System edit-profile.php cross site scripting

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-3819
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 2.61%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 12:32
Updated-09 Mar, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Resort Reservation System Reservation Management page cross site scripting

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-resort_reservation_systemResort Reservation System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-3171
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.95%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 08:32
Updated-25 Feb, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-pamzeyPatrick MvumaSourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-14221
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.20%
||
7 Day CHG+0.01%
Published-08 Dec, 2025 | 07:02
Updated-09 Dec, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Banking System page cross site scripting

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-banking_systemOnline Banking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-13343
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.00%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 11:32
Updated-20 Nov, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Interview Management System editQuestion.php cross site scripting

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-janobeSourceCodester
Product-interview_management_systemInterview Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-13450
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.00%
||
7 Day CHG~0.00%
Published-20 Nov, 2025 | 03:02
Updated-21 Nov, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Shop Project register.php cross site scripting

A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_shop_projectOnline Shop Project
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-13349
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.39%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 14:02
Updated-20 Nov, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grades Management System Add New Grade grades.php cross site scripting

A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterremyandrade
Product-student_grades_management_systemStudent Grades Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-10075
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.45%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 00:32
Updated-09 Sep, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Polling System manage-profile.php cross site scripting

A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_polling_systemOnline Polling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-10088
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.58%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 07:02
Updated-08 Sep, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Time Tracker index.html cross site scripting

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodesterremyandrade
Product-personal_time_trackerTime Tracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-1147
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 13.60%
||
7 Day CHG+0.01%
Published-19 Jan, 2026 | 09:02
Updated-23 Feb, 2026 | 08:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_patient_schedule.php cross site scripting

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-pamzeyPatrick MvumaSourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-0580
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 07:32
Updated-23 Feb, 2026 | 08:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester API Key Manager App Import Key cross site scripting

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.

Action-Not Available
Vendor-SourceCodesterremyandrade
Product-api_key_manager_appAPI Key Manager App
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-9306
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.58%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 15:32
Updated-22 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Advanced School Management System addNotice cross site scripting

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-donbermoySourceCodester
Product-advanced_school_management_systemAdvanced School Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7408
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.16% / 36.05%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 14:32
Updated-16 Jul, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Zoo Management System animal_form_template.php cross site scripting

A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-pushpam02SourceCodester
Product-zoo_management_systemZoo Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-10117
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 9.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 01:02
Updated-10 Sep, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple To-Do List System Add New Task fetch_tasks.php cross site scripting

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input <script>alert('XSS')</script> can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-chuck24SourceCodester
Product-simple_to-do_list_systemSimple To-Do List System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-6345
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.16% / 36.05%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 14:31
Updated-23 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester My Food Recipe Add Recipe Page add-recipe.php addRecipeModal cross site scripting

A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-My Food Recipe
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5984
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 33.08%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 22:31
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Clearance System add-fee.php cross site scripting

A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Student Clearance System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-7218
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 05:00
Updated-29 Sep, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Campcodes School Log Management System ajax.php cross site scripting

A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodesterCampCodesoretnom23
Product-school_log_management_systemSchool Log Management Systemschool_log_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-1146
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 13.60%
||
7 Day CHG+0.01%
Published-19 Jan, 2026 | 08:32
Updated-23 Feb, 2026 | 08:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scripting

A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_patient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-pamzeyPatrick MvumaSourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-3005
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 24.74%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 09:00
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Local Service Search Engine Management System POST Parameter cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230349 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLPSourceCodester
Product-local_service_search_engine_management_systemLocal Service Search Engine Management Systemlocal_service_search_engine_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2922
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 24.74%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 07:31
Updated-21 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Comment System GET Parameter index.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.

Action-Not Available
Vendor-comment_system_projectSourceCodester
Product-comment_systemComment System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-4470
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 07:00
Updated-14 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Clearance System add-student.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-online_student_clearance_systemOnline Student Clearance System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-2814
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.34% / 56.89%
||
7 Day CHG+0.25%
Published-19 May, 2023 | 16:00
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class Scheduling System POST Parameter save_teacher.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428.

Action-Not Available
Vendor-class_scheduling_system_projectSourceCodester
Product-class_scheduling_systemClass Scheduling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2824
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.35% / 57.76%
||
7 Day CHG+0.27%
Published-20 May, 2023 | 08:00
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Dental Clinic Appointment Reservation System POST Parameter service.php cross site scripting

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-dental_clinic_appointment_reservation_system_projectSourceCodester
Product-dental_clinic_appointment_reservation_systemDental Clinic Appointment Reservation System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5121
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 06:31
Updated-10 Feb, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System cross site scripting

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265201 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5123
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 22.66%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 07:31
Updated-10 Feb, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265203.

Action-Not Available
Vendor-event_registration_system_projectSourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-3822
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 06:31
Updated-24 Apr, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-7296
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 9.76%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 18:30
Updated-29 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument first_name results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodester
Product-Pizzafy Ecommerce System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3823
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 48.94%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 10:31
Updated-30 Apr, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System add-stock.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-2864
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 10:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Jewelry Store POST Parameter customer.php cross site scripting

A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.

Action-Not Available
Vendor-online_jewelry_store_projectSourceCodester
Product-online_jewelry_storeOnline Jewelry Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4922
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 01:00
Updated-10 Feb, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Image Stack Website cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264459.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-simple_image_stack_websiteSimple Image Stack Website
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-3692
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 13:31
Updated-29 Apr, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Master.php cross site scripting

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_eyewear_shopOnline Eyewear Shop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3824
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 11:00
Updated-30 Apr, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3825
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 11:31
Updated-30 Apr, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-4645
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 12:31
Updated-10 Feb, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System changepassword.php cross site scripting

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4644
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:31
Updated-10 Feb, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System changepassword.php cross site scripting

A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2692
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.27% / 50.35%
||
7 Day CHG-0.09%
Published-14 May, 2023 | 09:00
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester ICT Laboratory Management System GET Parameter room_info.php cross site scripting

A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability.

Action-Not Available
Vendor-ict_laboratory_management_system_projectSourceCodester
Product-ict_laboratory_management_systemICT Laboratory Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2660
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 54.73%
||
7 Day CHG-0.04%
Published-11 May, 2023 | 15:00
Updated-24 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Computer and Laptop Store view_categories.php sql injection

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_computer_and_laptop_storeOnline Computer and Laptop Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3821
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 37.51%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 04:00
Updated-24 Apr, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-based Pharmacy Product Management System add-admin.php cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-web-based_pharmacy_product_management_systemWeb-based Pharmacy Product Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8117
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 10.71%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 23:45
Updated-08 May, 2026 | 11:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pizzafy Ecommerce System index.php cross site scripting

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Pizzafy Ecommerce System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-2740
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.25% / 48.23%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Guest Management System GET Parameter dateTest.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160.

Action-Not Available
Vendor-janobeSourceCodester
Product-guest_management_systemGuest Management Systemguest_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2671
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 08:31
Updated-22 Nov, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lost and Found Information System Contact Form cross site scripting

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lost_and_found_information_systemLost and Found Information System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4528
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.10% / 26.45%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 06:31
Updated-10 Feb, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System user-record.php cross site scripting

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4512
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.12% / 30.81%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 01:31
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System edit-profile.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9377
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 8.96%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 11:00
Updated-24 May, 2026 | 11:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester SUP Online Shopping productedit.php cross site scripting

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-SUP Online Shopping
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8136
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 9.76%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 03:45
Updated-08 May, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Pharmacy Sales and Inventory System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-7401
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 10.71%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 19:15
Updated-29 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-CET Automated Grading System with AI Predictive Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found