Page 2 of 8 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en Expense Tracker 1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo de texto del Chat. • https://github.com/cyb3r-n3rd/cve-request/blob/main/cve-poc-payload • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. Una vulnerabilidad de inyección SQL en Sourcecodester Budget and Expense Tracker System versión v1 por oretnom23, permite a atacantes ejecutar comandos SQL arbitrarios por medio del campo username • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0 https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Sourcecodester Budget and Expense Tracker System versión 1.0, que permite a un usuario remoto malicioso inyectar código arbitrario por medio del campo image upload • https://github.com/hax3xploit/CVE-2021-41645 https://www.exploit-db.com/exploits/50308 • CWE-434: Unrestricted Upload of File with Dangerous Type •