2 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. • https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md https://vuldb.com/?ctiid.249153 https://vuldb.com/?id.249153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. Una vulnerabilidad en el componente process.php de QR Code Generator versión v5.2.7, permite a atacantes llevar a cabo un salto de directorios • https://github.com/n0lsecurity/CVE-2022-24992 http://qrcdr.com https://codecanyon.net/item/qrcdr-responsive-qr-code-generator/9226839 https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •