CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6896 – SourceCodester Simple Image Stack Website cross site scripting
https://notcve.org/view.php?id=CVE-2023-6896
A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.248255 https://vuldb.com/?id.248255 https://www.yuque.com/u39434519/pfhiwd/vry762ncuczem3yi?singleDoc# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6771 – SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection
https://notcve.org/view.php?id=CVE-2023-6771
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907. • https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md https://vuldb.com/?ctiid.247907 https://vuldb.com/?id.247907 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6658 – SourceCodester Simple Student Attendance System sql injection
https://notcve.org/view.php?id=CVE-2023-6658
A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. • https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md https://vuldb.com/?ctiid.247366 https://vuldb.com/?id.247366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6657 – SourceCodester Simple Student Attendance System student_form.php sql injection
https://notcve.org/view.php?id=CVE-2023-6657
A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability. • https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/student_form.php_SQL_injection.md https://vuldb.com/?ctiid.247365 https://vuldb.com/?id.247365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6650 – SourceCodester Simple Invoice Generator System login.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6650
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/x1280/CVE/blob/main/Cross-site%20Scriping_cashier.md https://vuldb.com/?ctiid.247343 https://vuldb.com/?id.247343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •