CVE-2024-7948 – SourceCodester Accounts Manager App Update Account Page update-account.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7948
A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. This vulnerability affects unknown code of the file update-account.php of the component Update Account Page. The manipulation of the argument Account Name/Username/Password/Link leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Accounts_Manager_App_update_account_xss.md https://vuldb.com/?ctiid.275140 https://vuldb.com/?id.275140 https://vuldb.com/?submit.393921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7749 – SourceCodester Accounts Manager App add-account.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7749
A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.274368 https://vuldb.com/?ctiid.274368 https://vuldb.com/?submit.389359 https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appxss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7748 – SourceCodester Accounts Manager App delete-account.php sql injection
https://notcve.org/view.php?id=CVE-2024-7748
A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.274367 https://vuldb.com/?ctiid.274367 https://vuldb.com/?submit.389358 https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appsql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •