CVE-2024-8140 – SourceCodester Task Progress Tracker update-task.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Task_Progress_Tracker_Update_Task_XSS.md https://vuldb.com/?ctiid.275720 https://vuldb.com/?id.275720 https://vuldb.com/?submit.396892 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7793 – SourceCodester Task Progress Tracker add-task.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7793
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.274561 https://vuldb.com/?ctiid.274561 https://vuldb.com/?submit.389362 https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackerxss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7792 – SourceCodester Task Progress Tracker delete-task.php sql injection
https://notcve.org/view.php?id=CVE-2024-7792
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. • https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackersql.md https://vuldb.com/?ctiid.274560 https://vuldb.com/?id.274560 https://vuldb.com/?submit.389360 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •