CVE-2023-5581 – SourceCodester Medicine Tracker System index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5581
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md
• https://vuldb.com/?ctiid.242146
• https://vuldb.com/?id.242146
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30112
https://notcve.org/view.php?id=CVE-2023-30112
Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.
• https://github.com/Rajeshwar40/CVE/blob/main/CVE-2023-30112
• https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30106
https://notcve.org/view.php?id=CVE-2023-30106
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
• https://github.com/Rajeshwar40/CVE/blob/main/2023-30106
• https://www.sourcecodester.com
• https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30111
https://notcve.org/view.php?id=CVE-2023-30111
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).
• https://github.com/Rajeshwar40/CVE/blob/main/2023-30111
• https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30458
https://notcve.org/view.php?id=CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username because valid and invalid usernames produce different response times. When one enters a valid username, the response time increases depending on the length of the supplied password.
• https://github.com/d34dun1c02n/CVE-2023-30458
• https://www.sourcecodester.com/download-code?nid=16308&title=Medicine+Tracker+System+in+PHP+%28OOP%29+and+MySQL+DB+Source+Code+Free+Download
• https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html
• CWE-203: Observable Discrepancy