CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46071
https://notcve.org/view.php?id=CVE-2021-46071
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Categorías en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46071 https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-category-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46072
https://notcve.org/view.php?id=CVE-2021-46072
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Servicios en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46072 https://github.com/plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-service-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46073
https://notcve.org/view.php?id=CVE-2021-46073
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Sourcecodester Vehicle Service Management System versión 1.0, por medio de la Sección de Lista de Usuarios en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46073 https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46074
https://notcve.org/view.php?id=CVE-2021-46074
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Sourcecodester Vehicle Service Management System versión 1.0, por medio de la Sección de Configuración en el panel de inicio de sesión. • https://github.com/plsanu/CVE-2021-46074 https://github.com/plsanu/Vehicle-Service-Management-System-Settings-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2021-46075
https://notcve.org/view.php?id=CVE-2021-46075
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. Se presenta una vulnerabilidad de Escalada de Privilegios en Sourcecodester Vehicle Service Management System versión 1.0. Los usuarios de la cuenta de personal pueden acceder a los recursos de administración y llevar a cabo operaciones CRUD. • https://github.com/plsanu/CVE-2021-46075 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Privilege-Escalation-Leads-to-CRUD-Operations https://www.plsanu.com/vehicle-service-management-system-multiple-privilege-escalation-leads-to-crud-operations • CWE-862: Missing Authorization •