12 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. Cowell enterprise travel management system no presenta un filtrado suficiente para los caracteres especiales dentro de la URL de la web. Un atacante remoto no autenticado puede inyectar JavaScript y llevar a cabo un ataque de tipo XSS (Cross-Site Scripting Reflejado) • https://www.twcert.org.tw/tw/cp-132-6524-74530-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status Covid-19 Travel Pass Management System versión v1.0, es vulnerable a una inyección SQL por medio de /ctpms/classes/Master.php?f=update_application_status • https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Covid-19 Travel Pass Management System versión v1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de /ctpms/classes/Users.php?f=save, firstname • https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. Covid-19 Travel Pass Management System versión v1.0, es vulnerable a una inyección SQL por medio de /ctpms/admin/?page=individuals/view_individual&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. Covid-19 Travel Pass Management System versión v1.0, es vulnerable a una inyección SQL por medio de /ctpms/admin/individuals/update_status.php?id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •