CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-23161 – Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23161
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. Art Gallery Management System Project version 1.0 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51214 http://packetstormsecurity.com/files/171642/Art-Gallery-Management-System-Project-1.0-Cross-Site-Scripting.html https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23161/CVE-2023-23161.txt https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-23162 – Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
https://notcve.org/view.php?id=CVE-2023-23162
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. Art Gallery Management System Project version 1.0 suffers from multiple remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/51215 http://packetstormsecurity.com/files/171643/Art-Gallery-Management-System-Project-1.0-SQL-Injection.html https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23162/CVE-2023-23162.txt https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0563 – PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-0563
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ctflearner/Vulnerability/blob/main/Bank_Locker_Management_System/BLMS_XSS_IN_ADMIN_BROWSER.md https://vuldb.com/?ctiid.219717 https://vuldb.com/?id.219717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 1CVE-2023-0562 – PHPGurukul Bank Locker Management System Login index.php sql injection
https://notcve.org/view.php?id=CVE-2023-0562
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/Bank_Locker_Management_System/Bank%20Locker%20Management%20System-SQL%20.md https://vuldb.com/?ctiid.219716 https://vuldb.com/?id.219716 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45730
https://notcve.org/view.php?id=CVE-2022-45730
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. Una vulnerabilidad de cross site scripting (XSS) en Doctor Appointment Management System v1.0.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en la función de búsqueda. • https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45730 https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •