CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3987 – SourceCodester Simple Online Mens Salon Management System sql injection
https://notcve.org/view.php?id=CVE-2023-3987
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. • https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/SQL%20Injection https://vuldb.com/?ctiid.235608 https://vuldb.com/?id.235608 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3986 – SourceCodester Simple Online Mens Salon Management System cross site scripting
https://notcve.org/view.php?id=CVE-2023-3986
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. • https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS https://vuldb.com/?ctiid.235607 https://vuldb.com/?id.235607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •