CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2024-27743 – Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-27743
01 Mar 2024 — Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component. Una vulnerabilidad de Cross-Site Scripting en Petrol Pump Mangement Software v.1.0 permite a un atacante ejecutar código arbitrario a través de un payload manipulado en el parámetro Dirección en el componente add_invoices.php. Petrol Pump Management Software version 1.0 suffers from multiple cross site script... • https://packetstorm.news/files/id/177405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4835 – SQLi in CF's Oil Management Software
https://notcve.org/view.php?id=CVE-2023-4835
15 Sep 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 . Neutralización inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en CF Software Oil Management Software permite la inyección SQL. Este problema afecta al Oil Management Software: antes de 20230912. • https://www.usom.gov.tr/bildirim/tr-23-0533 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •