CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3546 – SourceCodester Simple Cold Storage Management System Create User cross site scripting
https://notcve.org/view.php?id=CVE-2022-3546
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. • https://github.com/thehackingverse/CVE-2022-3546 https://github.com/thehackingverse/Stored-xss-/blob/main/Poc https://vuldb.com/?id.211046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3547 – SourceCodester Simple Cold Storage Management System Setting cross site scripting
https://notcve.org/view.php?id=CVE-2022-3547
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. • https://github.com/lakshaya0557/POCs/blob/main/POC https://vuldb.com/?id.211047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42232
https://notcve.org/view.php?id=CVE-2022-42232
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. Simple Cold Storage Management System versión 1.0, es vulnerable a una inyección SQL por medio del archivo /csms/classes/Master.php?f=delete_storage • https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42241
https://notcve.org/view.php?id=CVE-2022-42241
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /csms/classes/Master.php?f=delete_message • https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42249
https://notcve.org/view.php?id=CVE-2022-42249
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /csms/admin/storages/view_storage.php?id= • https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •