CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Mar 2024 — Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter. • https://github.com/geraldoalcantara/CVE-2023-49540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Mar 2024 — Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. • https://github.com/geraldoalcantara/CVE-2023-49543 • CWE-284: Improper Access Control

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jan 2023 — Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter. • https://gist.github.com/enferas/6ae66b7daf4f86997cd5320975f209e2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jan 2023 — Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

07 Dec 2022 — A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. • https://github.com/sudoninja-noob/CVE-2022-45217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2022 — A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. • https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 14% • CPEs: 1 • EXPL: 1

30 Nov 2022 — A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/passwd-hash • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Nov 2022 — A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/broken-access-control • CWE-284: Improper Access Control • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Nov 2022 — Book Store Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel. • https://github.com/upasvi/CVE-/issues/2 • CWE-798: Use of Hard-coded Credentials

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2022 — Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. • https://medium.com/%40just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')