CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2021-43141
https://notcve.org/view.php?id=CVE-2021-43141
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Sourcecodester Simple Subscription Website versión 1.0, por medio del parámetro id en plan_application • https://github.com/Jeromeyoung/CVE-2021-43141 https://github.com/Dir0x/CVE-2021-43141 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-43141 https://streamable.com/8gydfs https://www.nu11secur1ty.com/2021/11/cve-2021-43141.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 4CVE-2021-43140 – Simple Subscription Website 1.0 - SQLi Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-43140
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Simple Subscription Website versión 1.0. por medio del inicio de sesión Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/50522 http://packetstormsecurity.com/files/164968/Simple-Subscription-Website-1.0-SQL-Injection.html https://github.com/Dir0x/CVE-2021-43140 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-43140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •