CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46067
https://notcve.org/view.php?id=CVE-2021-46067
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. En Vehicle Service Management System versión 1.0, un atacante puede robar las cookies, conllevando a una toma de control total de la cuenta. • https://github.com/plsanu/CVE-2021-46067 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Cookie-Stealing-Leads-to-Full-Account-Takeover https://www.plsanu.com/vehicle-service-management-system-multiple-cookie-stealing-leads-to-full-account-takeover •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46069
https://notcve.org/view.php?id=CVE-2021-46069
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Mecánicos en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46069 https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46070
https://notcve.org/view.php?id=CVE-2021-46070
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Peticiones de Servicios en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46070 https://github.com/plsanu/Vehicle-Service-Management-System-Service-Requests-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-service-requests-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46071
https://notcve.org/view.php?id=CVE-2021-46071
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Categorías en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46071 https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-category-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46072
https://notcve.org/view.php?id=CVE-2021-46072
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Servicios en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46072 https://github.com/plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-service-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •