
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

24 Feb 2023 — A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jidle123/bug_report/blob/main/vendors/winex01/Online%20Boat%20Reservation%20System/XSS-1.md#online-boat-reservation-system-v10-by-winex01-has-cross-site-scripting-reflected • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

15 Jul 2022 — Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. • https://github.com/yunaranyancat/poc-dump/tree/main/MultiRestaurantReservationSystem/1.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-8.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-7.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Jun 2022 — Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-railway-reservation-system/SQLi-6.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')