
CVE-2024-13021 – SourceCodester Road Accident Map Marker add-mark.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-13021
29 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-12536 – SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12536
12 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://vuldb.com/?ctiid.287912
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-12357 – SourceCodester Best House Rental Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-12357
09 Dec 2024 — A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://pastebin.com/Qupf8YbH
• CWE-73: External Control of File Name or Path

CVE-2024-12355 – SourceCodester Phone Contact Manager System ContactBook.cpp adding input validation
https://notcve.org/view.php?id=CVE-2024-12355
09 Dec 2024 — A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
• https://github.com/TinkAnet/cve/blob/main/BOF2.md
• CWE-20: Improper Input Validation

CVE-2024-12354 – SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
https://notcve.org/view.php?id=CVE-2024-12354
09 Dec 2024 — A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
• https://github.com/jasontimwong/CVE/issues/2
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-12353 – SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
https://notcve.org/view.php?id=CVE-2024-12353
09 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
• https://github.com/jasontimwong/CVE/issues/1
• CWE-20: Improper Input Validation

CVE-2024-11860 – SourceCodester Best House Rental Management System POST Request ajax.php improper authorization
https://notcve.org/view.php?id=CVE-2024-11860
27 Nov 2024 — A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely.
• https://drive.google.com/file/d/1CyjtknGVqn5QO_R1WZX-hoGH8ae5DjRq/view
• CWE-266: Incorrect Privilege Assignment
• CWE-285: Improper Authorization

CVE-2024-11743 – SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-11743
26 Nov 2024 — A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
• https://github.com/YasserREED/YasserREED-CVEs/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Cross-Site%20Request%20Forgery%20(CSRF).md
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-862: Missing Authorization

CVE-2024-11742 – SourceCodester Best House Rental Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11742
26 Nov 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely.
• https://github.com/YasserREED/YasserREED-CVEs/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Stored%20Cross-Site%20Scripting%20(XSS).md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-11262 – SourceCodester Student Record Management System View All Student Marks main stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11262
15 Nov 2024 — A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
• https://github.com/Hacker0xone/CVE/issues/13
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow