CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18263
https://notcve.org/view.php?id=CVE-2020-18263
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. Se ha detectado que PHP-CMS versión v1.0, contiene una vulnerabilidad de inyección SQL en el componente search.php por medio del parámetro search. Esta vulnerabilidad permite a atacantes acceder a información confidencial de la base de datos • https://github.com/harshitbansal373/PHP-CMS/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-25791 – Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS
https://notcve.org/view.php?id=CVE-2021-25791
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. Múltiples vulnerabilidades de cross site scripting (XSS) almacenadas en el módulo "Update Profile" de Online Doctor Appointment System versión 1.0, permiten a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas útiles diseñadas en los campos de texto First Name, Last Name y Address • https://www.exploit-db.com/exploits/49396 https://github.com/MrCraniums/CVE-2021-25791-Multiple-Stored-XSS https://www.sourcecodester.com https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-25790
https://notcve.org/view.php?id=CVE-2021-25790
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. Múltiples vulnerabilidades de tipo cross site scripting (XSS) almacenadas en el módulo "Register" de House Rental and Property Listing versión 1.0, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas útiles diseñadas en todos los campos de texto excepto en Phone Number y Alternate Phone Number • https://github.com/MrCraniums/CVE-2021-25790-Multiple-Stored-XSS https://www.exploit-db.com/exploits/49352 https://www.sourcecodester.com https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25955 – Student Management System Project PHP 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-25955
SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en SourceCodester Student Management System Project en PHP versión 1.0, por medio de la pestaña "add subject" Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/160398/Student-Management-System-Project-PHP-1.0-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Dec/4 https://seclists.org/fulldisclosure/2020/Dec/4 https://www.sourcecodester.com/php/14443/student-management-system-project-php.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29283
https://notcve.org/view.php?id=CVE-2020-29283
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. Se detectó una vulnerabilidad de inyección SQL en Online Doctor Appointment Booking System PHP por medio del parámetro q en el archivo getuser.php • https://github.com/BigTiger2020/Online-Doctor-Appointment-Booking-System-PHP/blob/main/README.md https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •