CVE-2023-45202 – Online Examination System v1.0 - Multiple Open Redirects
https://notcve.org/view.php?id=CVE-2023-45202
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
• https://fluidattacks.com/advisories/uchida
• https://projectworlds.in
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-45201 – Online Examination System v1.0 - Multiple Open Redirects
https://notcve.org/view.php?id=CVE-2023-45201
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
• https://fluidattacks.com/advisories/uchida
• https://projectworlds.in
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-44484 – Online Blood Donation Management System v1.0 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-44484
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
• https://fluidattacks.com/advisories/carpenter
• https://projectworlds.in
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44480 – Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-44480
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/martin
• https://projectworlds.in
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44267 – Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-44267
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/ono
• https://projectworlds.in
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')