35 results (0.007 seconds)

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. • https://code-projects.org https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9 https://vuldb.com/?ctiid.281024 https://vuldb.com/?id.281024 https://vuldb.com/?submit.426916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. • https://code-projects.org https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec https://vuldb.com/?ctiid.281023 https://vuldb.com/?id.281023 https://vuldb.com/?submit.426885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. • https://code-projects.org https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab https://vuldb.com/?ctiid.281022 https://vuldb.com/?id.281022 https://vuldb.com/?submit.426884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24 https://vuldb.com/?ctiid.281021 https://vuldb.com/?id.281021 https://vuldb.com/?submit.426862 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/holypryx/CVE-2024-10140 https://code-projects.org https://gist.github.com/higordiego/b03bc3a330374a0581e51891d6105ed2 https://vuldb.com/?ctiid.280928 https://vuldb.com/?id.280928 https://vuldb.com/?submit.425348 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •