CVE-2024-1196 – SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1196
A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.
• https://vuldb.com/?ctiid.252694 https://vuldb.com/?id.252694
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24945
https://notcve.org/view.php?id=CVE-2024-24945
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.
• https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md https://portswigger.net/web-security/cross-site-scripting
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24041
https://notcve.org/view.php?id=CVE-2024-24041
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.
• https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md https://portswigger.net/web-security/cross-site-scripting
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24140
https://notcve.org/view.php?id=CVE-2024-24140
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker'.
• https://github.com/BurakSevben/CVE-2024-24140 https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-24141
https://notcve.org/view.php?id=CVE-2024-24141
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
• https://github.com/BurakSevben/CVE-2024-24141 https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')