CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11259 – code-projects Farmacia fornecedores.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11259
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/13u11erFly/cve/blob/main/xss.md https://vuldb.com/?ctiid.284717 https://vuldb.com/?id.284717 https://vuldb.com/?submit.443398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11246 – code-projects Farmacia adicionar-cliente.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11246
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/curry136/cve/blob/main/xss8.md https://vuldb.com/?ctiid.284682 https://vuldb.com/?id.284682 https://vuldb.com/?submit.443189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11245 – code-projects Farmacia editar-produto.php sql injection
https://notcve.org/view.php?id=CVE-2024-11245
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/WEFNNTT/cve/blob/main/sql.md https://vuldb.com/?ctiid.284681 https://vuldb.com/?id.284681 https://vuldb.com/?submit.443188 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11244 – code-projects Farmacia editar-cliente.php sql injection
https://notcve.org/view.php?id=CVE-2024-11244
A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/zsx020121/cve/blob/main/sql.md https://vuldb.com/?ctiid.284680 https://vuldb.com/?id.284680 https://vuldb.com/?submit.443177 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •