CVE-2023-6440 – SourceCodester Book Borrower System add-book.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6440
A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lscjl/lsi.webray.com.cn/blob/main/CVE-project/Book%20Borrower%20System%20Cross%20site%20scripting.md https://vuldb.com/?ctiid.246443 https://vuldb.com/?id.246443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-47014
https://notcve.org/view.php?id=CVE-2023-47014
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php. • https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS/blob/main/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5792 – SourceCodester Sticky Notes App delete-note.php sql injection
https://notcve.org/view.php?id=CVE-2023-5792
A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf https://vuldb.com/?ctiid.243598 https://vuldb.com/?id.243598 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-5791 – SourceCodester Sticky Notes App add-note.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5791
A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/Cross%20Site%20Scripting.pdf https://vuldb.com/?ctiid.243597 https://vuldb.com/?id.243597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-5790 – SourceCodester File Manager App add-file.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5790
A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yp1oneer/cve_hub/blob/main/File%20Manager%20App/Unrestricted%20File%20Upload.pdf https://vuldb.com/?ctiid.243595 https://vuldb.com/?id.243595 • CWE-434: Unrestricted Upload of File with Dangerous Type •