CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1363 – SourceCodester Computer Parts Sales and Inventory System Add User Account cross site scripting
https://notcve.org/view.php?id=CVE-2023-1363
13 Mar 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Songs-YZS/CveList/blob/main/Computer-Parts-Sales-and-Inventory-System-has-Cross-Site-Scriptin-vulnerability.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1351 – SourceCodester Computer Parts Sales and Inventory System cust_transac.php sql injection
https://notcve.org/view.php?id=CVE-2023-1351
11 Mar 2023 — A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/chenxing0903/CveHub/blob/main/Computer-Parts-Sales-And-Inventory-System-Sql-Vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1179 – SourceCodester Computer Parts Sales and Inventory System Add Supplier cross site scripting
https://notcve.org/view.php?id=CVE-2023-1179
05 Mar 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Amat0eur/MyCve/blob/main/Computer-Parts-Sales-And-Inventory-System-Xss.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1131 – SourceCodester Computer Parts Sales and Inventory System customer.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1131
01 Mar 2023 — A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/WhiteA1so/Cvetest/blob/main/1.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1130 – SourceCodester Computer Parts Sales and Inventory System processlogin sql injection
https://notcve.org/view.php?id=CVE-2023-1130
01 Mar 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/WhiteA1so/Cvetest/blob/main/Sql1.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •