CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7153 – CodeAstro Simple Hospital Management System POST Parameter doctor.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-7153
08 Jul 2025 — A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7148 – CodeAstro Simple Hospital Management System POST Parameter patient.html cross site scripting
https://notcve.org/view.php?id=CVE-2025-7148
07 Jul 2025 — A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7147 – CodeAstro Patient Record Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2025-7147
07 Jul 2025 — A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7133 – CodeAstro Online Movie Ticket Booking System cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-7133
07 Jul 2025 — A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6664 – CodeAstro Patient Record Management System cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-6664
25 Jun 2025 — A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.313878 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6478 – CodeAstro Expense Management System cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-6478
22 Jun 2025 — A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. • https://codeastro.com • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6452 – CodeAstro Patient Record Management System Generate New Report Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-6452
22 Jun 2025 — A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. • https://codeastro.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6131 – CodeAstro Food Ordering System POST Request Parameter edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-6131
16 Jun 2025 — A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5611 – CodeAstro Real Estate Management System submitpropertyupdate.php sql injection
https://notcve.org/view.php?id=CVE-2025-5611
04 Jun 2025 — A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5610 – CodeAstro Real Estate Management System submitpropertydelete.php sql injection
https://notcve.org/view.php?id=CVE-2025-5610
04 Jun 2025 — A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •