CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0464 – SourceCodester Task Reminder System Maintenance Section cross site scripting
https://notcve.org/view.php?id=CVE-2025-0464
14 Jan 2025 — A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.291481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0294 – SourceCodester Home Clean Services Management System process.php sql injection
https://notcve.org/view.php?id=CVE-2025-0294
07 Jan 2025 — A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiaosguang/cve/blob/main/Home%20Clean%20Services%20Management/Home%20Clean%20Services%20Management%20System%20process.php%20id%20SQL%20injection.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0173 – SourceCodester Online Eyewear Shop view_order.php sql injection
https://notcve.org/view.php?id=CVE-2025-0173
02 Jan 2025 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/listlonely/cve/blob/main/sql.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13069 – SourceCodester Multi Role Login System add-user.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-13069
31 Dec 2024 — A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Multi%20Role%20Login%20System.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13021 – SourceCodester Road Accident Map Marker add-mark.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-13021
29 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12536 – SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12536
12 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.287912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12357 – SourceCodester Best House Rental Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-12357
09 Dec 2024 — A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://pastebin.com/Qupf8YbH • CWE-73: External Control of File Name or Path •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12355 – SourceCodester Phone Contact Manager System ContactBook.cpp adding input validation
https://notcve.org/view.php?id=CVE-2024-12355
09 Dec 2024 — A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/TinkAnet/cve/blob/main/BOF2.md • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12354 – SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
https://notcve.org/view.php?id=CVE-2024-12354
09 Dec 2024 — A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/jasontimwong/CVE/issues/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12353 – SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
https://notcve.org/view.php?id=CVE-2024-12353
09 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/jasontimwong/CVE/issues/1 • CWE-20: Improper Input Validation •