15 matches found
EUVD-2022-24618
Malicious code in bioql PyPI...
EUVD-2022-33700
Malicious code in bioql PyPI...
CVE-2022-29359
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/applicationform&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...
CVE-2022-1287
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/applicationform&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...
CVE-2022-29359
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/applicationform&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...
CVE-2022-29359
CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...
CVE-2022-1288
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The atta...
CVE-2022-1287
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The atta...
CVE-2022-1288 School Club Application System cross site scripting
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The atta...
CVE-2022-1288
CVE-2022-1288 – School Club Application System 1.0 suffers a reflected cross-site scripting (XSS) vulnerability in the /scas/admin/ page. The issue is triggered by manipulating the page parameter with the payload “%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E”, which can be exploited remotely withou...
CVE-2022-1288 School Club Application System cross site scripting
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The atta...
CVE-2022-1287
The CVE-2022-1287 entry concerns School Club Application System 1.0. A vulnerability in the handler for POST requests to /scas/classes/Users.php?f=save_user allows privilege escalation. The flaw is exploitable remotely without authentication, and exploitation has been publicly disclosed. This is ...
School Club Application System injection vulnerability
School Club Application System is a school club application system by Carlo Montero Personal Developer. A security vulnerability exists in School Club Application System version 1.0, which stems from an action on a POST request that results in an escalation of privileges. A remote attacker can us...