CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42242
https://notcve.org/view.php?id=CVE-2022-42242
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /csms/classes/Master.php?f=delete_booking • https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42250
https://notcve.org/view.php?id=CVE-2022-42250
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /csms/admin/inquiries/view_details.php?id= • https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41434
https://notcve.org/view.php?id=CVE-2021-41434
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en la aplicación Expense Management System versión 1.0, que permite una ejecución arbitraria de comandos JavaScript mediante el archivo index.php • https://egavilanmedia.com/Expense-Management-System https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41434.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37796
https://notcve.org/view.php?id=CVE-2022-37796
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). En Simple Online Book Store System versión 1.0, en el archivo /admin_book.php los parámetros Title, Author y Description son vulnerables a un ataque de tipo Cross Site Scripting (XSS) • https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Online%20Book%20Store-XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36754
https://notcve.org/view.php?id=CVE-2022-36754
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Se ha detectado que Expense Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en /Home/debit_credit_p • https://github.com/mikeccltt/0724/blob/main/ci_ems/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •