
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter. • https://gist.github.com/enferas/6ae66b7daf4f86997cd5320975f209e2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/stored-xss • https://medium.com/%40just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. • https://github.com/sudoninja-noob/CVE-2022-45217 • https://github.com/sudoninja-noob/CVE-2022-45217/blob/main/CVE-2022-45217 • https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. • https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45215 • https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/passwd-hash • https://vuldb.com/?ctiid.214587 • https://vuldb.com/?id.214587 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function