CVE-2023-1030 – SourceCodester Online Boat Reservation System POST Parameter login.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1030
24 Feb 2023 — A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jidle123/bug_report/blob/main/vendors/winex01/Online%20Boat%20Reservation%20System/XSS-1.md#online-boat-reservation-system-v10-by-winex01-has-cross-site-scripting-reflected • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35261
https://notcve.org/view.php?id=CVE-2020-35261
15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36550
https://notcve.org/view.php?id=CVE-2020-36550
15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36551
https://notcve.org/view.php?id=CVE-2020-36551
15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36552
https://notcve.org/view.php?id=CVE-2020-36552
15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36553
https://notcve.org/view.php?id=CVE-2020-36553
15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-33061
https://notcve.org/view.php?id=CVE-2022-33061
29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33060
https://notcve.org/view.php?id=CVE-2022-33060
29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-8.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33059
https://notcve.org/view.php?id=CVE-2022-33059
29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-7.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33058
https://notcve.org/view.php?id=CVE-2022-33058
29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-6.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')