A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to.....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user.....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user.....
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking...
6.3CVSS
5.2AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been....
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the...
6.1CVSS
6AI Score
0.001EPSS
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site...
5.4CVSS
5.5AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Affected by this vulnerability is an unknown functionality of the file /obs/bookPerPub.php. The manipulation of the argument bookisbn leads to sql injection. The attack can be launched...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier...
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of...
9.8CVSS
9.7AI Score
0.001EPSS
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via...
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.4AI Score
0.001EPSS
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system...
9.8CVSS
9.7AI Score
0.003EPSS
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution...
9.8CVSS
9.7AI Score
0.019EPSS
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email...
5.4CVSS
5.2AI Score
0.001EPSS
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not...
5.4CVSS
5.2AI Score
0.001EPSS
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path...
7.5CVSS
7.5AI Score
0.001EPSS
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product...
5.3CVSS
5.3AI Score
0.002EPSS
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be...
6.1CVSS
5.9AI Score
0.001EPSS