CVE-2023-0966 – SourceCodester Online Eyewear Shop cross site scripting
https://notcve.org/view.php?id=CVE-2023-0966
A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross-site scripting. The attack can be launched remotely.
• https://github.com/1MurasaKi/Eyewear_Shop_XSS/blob/main/README.md https://vuldb.com/?ctiid.221635 https://vuldb.com/?id.221635
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0732 – SourceCodester Online Eyewear Shop POST Request Users.php registration cross site scripting
https://notcve.org/view.php?id=CVE-2023-0732
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross-site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability.
• https://vuldb.com/?ctiid.220369 https://vuldb.com/?id.220369
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0686 – SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection
https://notcve.org/view.php?id=CVE-2023-0686
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to SQL injection.
• https://vuldb.com/?ctiid.220245 https://vuldb.com/?id.220245
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0673 – SourceCodester Online Eyewear Shop sql injection
https://notcve.org/view.php?id=CVE-2023-0673
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely.
• https://vuldb.com/?ctiid.220195 https://vuldb.com/?id.220195
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')