CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0781 – CodeAstro Internet Banking System pages_client_signup.php redirect
https://notcve.org/view.php?id=CVE-2024-0781
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS https://vuldb.com/?ctiid.251697 https://vuldb.com/?id.251697 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0773 – CodeAstro Internet Banking System pages_client_signup.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0773
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing https://vuldb.com/?ctiid.251677 https://vuldb.com/?id.251677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0194 – CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-0194
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing https://vuldb.com/?ctiid.249509 https://vuldb.com/?id.249509 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5699 – CodeAstro Internet Banking System pages_view_client.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5699
A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%207.pdf https://vuldb.com/?ctiid.243137 https://vuldb.com/?id.243137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5698 – CodeAstro Internet Banking System pages_deposit_money.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5698
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. • https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%206.pdf https://vuldb.com/?ctiid.243136 https://vuldb.com/?id.243136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •