CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3151 – Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3151
02 Apr 2024 — A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1oTqULJy357Z4dk85vPR_yMFXRNhwZywX/view?usp=sharing • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2996 – Bdtask Multi-Store Inventory Management System Page Title cross site scripting
https://notcve.org/view.php?id=CVE-2024-2996
27 Mar 2024 — A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://drive.google.com/file/d/115tr5PJ_RmSlaLR_jLXPyJse6ojSFRxu/view?usp=drivesdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2639 – Bdtask Wholesale Inventory Management System session fixiation
https://notcve.org/view.php?id=CVE-2024-2639
19 Mar 2024 — A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. • https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk • CWE-384: Session Fixation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2277 – Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2277
08 Mar 2024 — A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Gray-0men/CVE-2024-22774 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2276 – Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting
https://notcve.org/view.php?id=CVE-2024-2276
08 Mar 2024 — A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2275 – Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting
https://notcve.org/view.php?id=CVE-2024-2275
08 Mar 2024 — A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public... • https://github.com/hacker625/CVE-2024-22752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2274 – Bdtask G-Prescription Gynaecology & OBS Consultation Software Prescription Dashboard Index cross site scripting
https://notcve.org/view.php?id=CVE-2024-2274
08 Mar 2024 — A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2133 – Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting
https://notcve.org/view.php?id=CVE-2024-2133
02 Mar 2024 — A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tykawaii98/CVE-2024-21338_PoC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1749 – Bdtask Bhojon Best Restaurant Management Software Message Page message cross site scripting
https://notcve.org/view.php?id=CVE-2024-1749
22 Feb 2024 — A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1oM1h3E9G17lgkbSnhq7FQjfAtEojDNFo/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-28993
https://notcve.org/view.php?id=CVE-2022-28993
20 May 2022 — Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Multi Store Inventory Management System versión v1.0, permite a atacantes llevar a cabo una toma de control de cuentas por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html • CWE-862: Missing Authorization •