CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30930
https://notcve.org/view.php?id=CVE-2022-30930
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). Tourism Management System Versión V 3.2, está afectada por: Un ataque de tipo Cross Site Request Forgery (CSRF) • https://medium.com/%40pmmali/my-second-cve-2022-30930-4f9aab047518 https://www.acunetix.com/vulnerabilities/web/possible-csrf-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4232 – Zoo Management System manage-ticket.php cross site scripting
https://notcve.org/view.php?id=CVE-2021-4232
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. Se ha encontrado una vulnerabilidad clasificada como problemática en Zoo Management System versión 1.0. • https://vuldb.com/?id.178254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-29004
https://notcve.org/view.php?id=CVE-2022-29004
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. Se ha detectado que Diary Management System versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro Name en el archivo search-result.php • https://github.com/sudoninja-noob/CVE-2022-29004 http://phpgurukul.com https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt https://phpgurukul.com/e-diary-management-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29005
https://notcve.org/view.php?id=CVE-2022-29005
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente /obcs/user/profile.php de Online Birth Certificate System versión v1.2, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en los parámetros fname o lname • https://github.com/sudoninja-noob/CVE-2022-29005 http://online.com https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1816 – Zoo Management System Content Module cross site scripting
https://notcve.org/view.php?id=CVE-2022-1816
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Zoo-Management-System/Zoo-Management-System%28XSS%29.md https://vuldb.com/?id.200558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •