CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cowell enterprise travel management system has insufficient filtering for special characters within the web URL. An unauthenticated remote attacker can inject JavaScript and perform a reflected cross-site scripting (XSS) attack. • https://www.twcert.org.tw/tw/cp-132-6524-74530-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. • https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. • https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/covid-19-travel-pass-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')