8 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= Budget and Expense Tracker System v1.0 es vulnerable a la inyección SQL a través de /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= • https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App https://vuldb.com/?ctiid.240914 https://vuldb.com/?id.240914 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. La aplicación Sourcecodester Expense Tracker v1 es vulnerable a Cross Site Scripting (XSS) a través de la categoría "add". • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44048.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wucwu1/CVEApplication/blob/main/SQL.md https://vuldb.com/?ctiid.229278 https://vuldb.com/?id.229278 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.224307 https://vuldb.com/?id.224307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •