CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-37070
https://notcve.org/view.php?id=CVE-2023-37070
Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) • https://code-projects.org/hospital-information-system-in-php-with-source-code https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37070-Exploit.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2022-36669
https://notcve.org/view.php?id=CVE-2022-36669
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Hospital Information System versión 1.0, sufre una vulnerabilidad de inyección SQL remota que permite omitir la autenticación • https://code-projects.org/hospital-information-system-in-php-with-source-code https://github.com/saitamang/POC-DUMP/blob/main/Hospital%20Information%20System/README.md https://github.com/saitamang/POC-DUMP/tree/main/Hospital%20Information%20System https://packetstormsecurity.com/files/167803/Hospital-Information-System-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •