CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46078
https://notcve.org/view.php?id=CVE-2021-46078
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. Se presenta una vulnerabilidad de Carga de Archivos sin Restricciones en Sourcecodester Vehicle Service Management System versión 1.0. Un atacante remoto puede cargar archivos maliciosos que conllevan una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://github.com/plsanu/CVE-2021-46078 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Stored-Cross-Site-Scripting https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-stored-cross-site-scripting • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46068
https://notcve.org/view.php?id=CVE-2021-46068
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección Mi Cuenta en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46068 https://github.com/plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-myaccount-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46067
https://notcve.org/view.php?id=CVE-2021-46067
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. En Vehicle Service Management System versión 1.0, un atacante puede robar las cookies, conllevando a una toma de control total de la cuenta. • https://github.com/plsanu/CVE-2021-46067 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Cookie-Stealing-Leads-to-Full-Account-Takeover https://www.plsanu.com/vehicle-service-management-system-multiple-cookie-stealing-leads-to-full-account-takeover •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46069
https://notcve.org/view.php?id=CVE-2021-46069
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Mecánicos en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46069 https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46070
https://notcve.org/view.php?id=CVE-2021-46070
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Peticiones de Servicios en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46070 https://github.com/plsanu/Vehicle-Service-Management-System-Service-Requests-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-service-requests-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •