CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3151 – Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3151
02 Apr 2024 — A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1oTqULJy357Z4dk85vPR_yMFXRNhwZywX/view?usp=sharing • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2996 – Bdtask Multi-Store Inventory Management System Page Title cross site scripting
https://notcve.org/view.php?id=CVE-2024-2996
27 Mar 2024 — A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://drive.google.com/file/d/115tr5PJ_RmSlaLR_jLXPyJse6ojSFRxu/view?usp=drivesdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2639 – Bdtask Wholesale Inventory Management System session fixiation
https://notcve.org/view.php?id=CVE-2024-2639
19 Mar 2024 — A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. • https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk • CWE-384: Session Fixation •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2133 – Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting
https://notcve.org/view.php?id=CVE-2024-2133
02 Mar 2024 — A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tykawaii98/CVE-2024-21338_PoC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-28993
https://notcve.org/view.php?id=CVE-2022-28993
20 May 2022 — Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Multi Store Inventory Management System versión v1.0, permite a atacantes llevar a cabo una toma de control de cuentas por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28991
https://notcve.org/view.php?id=CVE-2022-28991
20 May 2022 — Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Se ha detectado que Multi Store Inventory Management System versión v1.0, contiene una vulnerabilidad de divulgación de información que permite a atacantes acceder a archivos confidenciales • https://packetstormsecurity.com/files/166590/Multi-Store-Inventory-Management-System-1.0-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36012
https://notcve.org/view.php?id=CVE-2020-36012
27 Jan 2021 — Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. Una vulnerabilidad de tipo XSS almacenado en BDTASK Multi-Store Inventory Management System versión 1.0, permite a un administrador local inyectar código arbitrario por medio del Customer Name Field • http://bdtask.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •