CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-30247
https://notcve.org/view.php?id=CVE-2023-30247
12 May 2023 — File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. • https://github.com/qingning988/cve_report/blob/main/storage-unit-rental-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1559 – SourceCodester Storage Unit Rental Management System unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1559
22 Mar 2023 — A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 2CVE-2022-43117
https://notcve.org/view.php?id=CVE-2022-43117
21 Nov 2022 — Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. Se descubrió que la aplicación de almacenamiento de contraseñas Sourcecodester en PHP/OOP y MySQL 1.0 contiene múltiples vulnerabilidades de cross-site scripting (XSS) a través de los parámetros Nombre, Nombre de usuario, Descripción y Característica del sitio. • https://github.com/RashidKhanPathan/CVE-2022-43117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43142
https://notcve.org/view.php?id=CVE-2022-43142
17 Nov 2022 — A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente add-fee.php de Password Storage Application v1.0 permite a los atacantes ejecutars scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro cmddept. • https://github.com/TongJinBo/BugReport/blob/main/XssBug.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 3CVE-2022-43229 – Simple Cold Storage Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2022-43229
28 Oct 2022 — Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Se descubrió que Simple Cold Storage Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /bookings/update_status.php. Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/169605 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43230
https://notcve.org/view.php?id=CVE-2022-43230
28 Oct 2022 — Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. Se descubrió que Simple Cold Storage Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /admin/?page=bookings/view_details. • https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42993
https://notcve.org/view.php?id=CVE-2022-42993
27 Oct 2022 — Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. Se descubrió que Password Storage Application v1.0 contiene una vulnerabilidad de Cross-Site Scripting (XSS) a través de la página de Setup. • http://oretnom23.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3547 – SourceCodester Simple Cold Storage Management System Setting cross site scripting
https://notcve.org/view.php?id=CVE-2022-3547
17 Oct 2022 — A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. • https://github.com/lakshaya0557/POCs/blob/main/POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42230
https://notcve.org/view.php?id=CVE-2022-42230
11 Oct 2022 — Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio de /csms/admin/?page=user/manage_user&id= • https://github.com/Tr0ee/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42597
https://notcve.org/view.php?id=CVE-2021-42597
16 Sep 2022 — A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Sourcecodester Storage Unit Rental Management System PHP versión 8.0.10 , Apache 2.4.14, SURMS versión V1.0, por medio del formulario Add New Tenant List Rent List • https://cxsecurity.com/issue/WLB-2022090036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •