CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7408 – SourceCodester Zoo Management System animal_form_template.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-7408
10 Jul 2025 — A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/manyufann/CVE/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41614
https://notcve.org/view.php?id=CVE-2023-41614
21 Sep 2023 — A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la función Agregar Detalles de Animales de Zoo Management System v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro Descripci... • https://medium.com/%40guravtushar231/stored-xss-in-admin-panel-a38d1feb9ec4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41615
https://notcve.org/view.php?id=CVE-2023-41615
08 Sep 2023 — Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. Se ha descubierto que Zoo Management System v1.0 contiene múltiples vulnerabilidades de inyección SQL en la página de inicio de sesión del administrador a través de los campos de nombre de usuario y contraseña. • https://medium.com/%40guravtushar231/sql-injection-in-login-field-a9073780f7e8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40925
https://notcve.org/view.php?id=CVE-2022-40925
26 Sep 2022 — Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. Zoo Management System versión v1.0, presenta una vulnerabilidad de carga arbitraria de archivos en el punto de descarga de imágenes del archivo "save_event" del módulo "Events" del sistema de gestión de fondo. • https://github.com/admin77888/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-2.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40924
https://notcve.org/view.php?id=CVE-2022-40924
26 Sep 2022 — Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. Zoo Management System versión v1.0, presenta una vulnerabilidad de carga de archivos arbitraria en el punto de descarga de imágenes del archivo "save_animal" del módulo "Animals" en el sistema de administración en segundo plano. • https://github.com/admin77888/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40932
https://notcve.org/view.php?id=CVE-2022-40932
22 Sep 2022 — In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. En Zoo Management System versión v1.0, se presenta una vulnerabilidad de carga arbitraria de archivos en el punto de descarga de imágenes del archivo "gallery" del módulo "Gallery" en el sistema de administración de fondo • https://github.com/lime-10010/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-33075
https://notcve.org/view.php?id=CVE-2022-33075
05 Jul 2022 — A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en la función Add Classification de Zoo Management System versión v1.0, permite a atacantes ejecutar scripts web o HTM arbitrarios por medio de vectores no especificados • https://github.com/angelopioamirante/CVE-2022-33075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2022-31897 – Zoo Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-31897
22 Jun 2022 — SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. SourceCodester Zoo Management System versión 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de public_html/register_visitor?msg= Zoo Management System version 1.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/167572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31914
https://notcve.org/view.php?id=CVE-2022-31914
16 Jun 2022 — Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. Zoo Management System versión v1.0 es vulnerable a Cross Site Scripting (XSS) a través de zms/admin/public_html/save_animal?an_id=24 • https://github.com/mikeccltt/0525/blob/main/zoo-management-system/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4232 – Zoo Management System manage-ticket.php cross site scripting
https://notcve.org/view.php?id=CVE-2021-4232
26 May 2022 — A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. Se ha encontrado una vulnerabilidad clasificada como problemática en Zoo Management System versión 1.0. • https://vuldb.com/?id.178254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •