CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3546 – SourceCodester Simple Cold Storage Management System Create User cross site scripting
https://notcve.org/view.php?id=CVE-2022-3546
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. • https://github.com/thehackingverse/CVE-2022-3546 https://github.com/thehackingverse/Stored-xss-/blob/main/Poc https://vuldb.com/?id.211046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3497 – SourceCodester Human Resource Management System Master List cross site scripting
https://notcve.org/view.php?id=CVE-2022-3497
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?id.210786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3502 – Human Resource Management System Leave cross site scripting
https://notcve.org/view.php?id=CVE-2022-3502
A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss https://vuldb.com/?id.210831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42232
https://notcve.org/view.php?id=CVE-2022-42232
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. Simple Cold Storage Management System versión 1.0, es vulnerable a una inyección SQL por medio del archivo /csms/classes/Master.php?f=delete_storage • https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3496 – SourceCodester Human Resource Management System Admin Panel employeeadd.php access control
https://notcve.org/view.php?id=CVE-2022-3496
A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. • https://vuldb.com/?id.210785 • CWE-266: Incorrect Privilege Assignment •