CVE-2026-2222 code-projects Online Reviewer System btn_functions.php cross site scripting

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...

PT-2026-7087

A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The...

Code-Projects Online Reviewer System 代码注入漏洞

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...

PT-2026-5927

Name of the Vulnerable Software and Affected Versions NICE Chat affected versions not specified Description An HTML injection issue exists in NICE Chat. The issue allows an attacker to inject and display arbitrary HTML content within email transcripts. This is achieved by manipulating the firstNa...

CVE-2025-41003

Imaster's Patient Record Management System contains a stored Cross-Site Scripting XSS vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

CVE-2025-41003

Imaster's Patient Record Management System contains a stored Cross-Site Scripting XSS vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

CVE-2025-41003 Multiple vulnerabilities in Imaster products Open configuration options

Imaster's Patient Record Management System contains a stored Cross-Site Scripting XSS vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

CVE-2025-41003 Multiple vulnerabilities in Imaster products Open configuration options

Imaster's Patient Record Management System contains a stored Cross-Site Scripting XSS vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

CVE-2025-41003

The CVE-2025-41003 entry concerns Imaster’s Patient Record Management System, where a stored XSS vulnerability exists in the endpoint /projects/hospital/admin/edit_patient.php. The issue is triggered by injecting a malicious script into the firstname parameter, whose payload is persisted and exec...

Imaster Patient Record Management System 跨站脚本漏洞

Imaster Patient Record Management System is a patient record management system by the individual developer Nzioka Victor. The Imaster Patient Record Management System suffers from a cross-site scripting vulnerability that stems from insufficient validation of the firstname parameter in the endpoi...

PT-2026-2262

Name of the Vulnerable Software and Affected Versions Imaster Patient Record Management System affected versions not specified Description The software contains a stored Cross-Site Scripting XSS issue in the /projects/hospital/admin/edit patient.php endpoint. An attacker can inject a malicious...

Student File Management System save_user.php File SQL Injection Vulnerability

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/saveuser.php. An...

CVE-2025-14622

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

EUVD-2025-203268

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

CVE-2025-14622

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

CVE-2025-14622 code-projects Student File Management System save_user.php sql injection

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

CVE-2025-14622 code-projects Student File Management System save_user.php sql injection

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

CVE-2025-14622

Code-projects Student File Management System 1.0 has a SQL injection vulnerability in /admin/save_user.php via the firstname parameter. The issue allows remote exploitation, and public exploits have been released. Multiple connected sources confirm the vulnerability but do not provide a confirmed...

PT-2025-51130

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A security flaw exists in code-projects Student File Management System 1.0. The issue affects unknown code within the file /admin/save user.php. Manipulation of the firstname...

CVE-2025-12598

A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function savetenant of the file /adminclass.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be launched remotely. The exploit has been...