CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4251 – Movie Ticket Booking System editBooking.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4251
A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aman05382/movie_ticket_booking_system_php/issues/4 https://vuldb.com/?id.214628 • CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4248 – Movie Ticket Booking System editBooking.php sql injection
https://notcve.org/view.php?id=CVE-2022-4248
A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aman05382/movie_ticket_booking_system_php/issues/3 https://vuldb.com/?id.214625 • CWE-707: Improper Neutralization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43083
https://notcve.org/view.php?id=CVE-2022-43083
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad de carga de archivos arbitrarios en admin-add-vehicle.php de Vehicle Booking System v1.0 permite a los atacantes ejecutar código arbitrario a través de un archivo PHP manipulado. • https://github.com/Tr0e/CVE_Hunter/blob/main/RCE-2.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43084
https://notcve.org/view.php?id=CVE-2022-43084
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en admin-add-vehicle.php de Vehicle Booking System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro v_name. • https://github.com/Tr0e/CVE_Hunter/blob/main/XSS-5.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2692 – SourceCodester Wedding Hall Booking System Staff User Profile cross site scripting
https://notcve.org/view.php?id=CVE-2022-2692
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/Jamison2022/Wedding-Hall-Booking-System/blob/main/WHBS-XSS.md https://vuldb.com/?id.205815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •