CVE-2024-0262 – Online Job Portal Create News Page News.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0262
A vulnerability classified as problematic was found in Online Job Portal 1.0. It affects unknown functionality of the file /Admin/News.php in the Create News Page component. Manipulating the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos https://vuldb.com/?ctiid.249818 https://vuldb.com/?id.249818
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46679 – Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-46679
Online Job Portal v1.0 is vulnerable to multiple unauthenticated SQL injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters it receives, and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/netrebko https://projectworlds.in
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46677 – Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-46677
Online Job Portal v1.0 is vulnerable to multiple unauthenticated SQL injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters it receives, and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/netrebko https://projectworlds.in
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')