CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-13268 – Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032
https://notcve.org/view.php?id=CVE-2024-13268
09 Jan 2025 — Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. • https://www.drupal.org/sa-contrib-2024-032 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-13267 – Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
https://notcve.org/view.php?id=CVE-2024-13267
09 Jan 2025 — Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. • https://www.drupal.org/sa-contrib-2024-031 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13265 – Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
https://notcve.org/view.php?id=CVE-2024-13265
09 Jan 2025 — Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. • https://www.drupal.org/sa-contrib-2024-029 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13264 – Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028
https://notcve.org/view.php?id=CVE-2024-13264
09 Jan 2025 — Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2. • https://www.drupal.org/sa-contrib-2024-028 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13263 – Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
https://notcve.org/view.php?id=CVE-2024-13263
09 Jan 2025 — Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1. • https://www.drupal.org/sa-contrib-2024-027 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0348 – CampCodes DepEd Equipment Inventory System add_employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0348
09 Jan 2025 — A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20DepEd%20Equipment%20Inventory%20System.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0342 – CampCodes Computer Laboratory Management System edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-0342
09 Jan 2025 — A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0339 – code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0339
09 Jan 2025 — A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Es wurde eine problematische Schwachstelle in code-projects Online Bike Rental 1.0 entdeckt. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13213 – SingMR HouseRent toAdminUpdateHousePage cross site scripting
https://notcve.org/view.php?id=CVE-2024-13213
09 Jan 2025 — A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://github.com/SingMR/HouseRent/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13209 – Redaxo CMS Structure Management Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-13209
09 Jan 2025 — A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. • https://geochen.medium.com/redaxo-cms-5-18-1-cross-site-scripting-7c9a872c72f6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •