371 matches found
CVE-2024-40069
SourceCodester Online ID Generator System 1.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via idgenerator/classes/Users.php?f=save; the vulnerable inputs are the POST parameters 'firstname' and 'lastname'...
SourceCodester Online ID Generator System security vulnerability
SourceCodester Online ID Generator System is an open source online identity generator system from SourceCodester. A security vulnerability exists in SourceCodester Online ID Generator System version 1.0, which stems from a stored cross-site scripting attack due to incorrect manipulation of the...
Wazifa System search_resualts.php file cross-site scripting vulnerability
Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the firstname/lastname parameter of the search_resualts.php file, which can be exploited to execute...
PT-2025-6851 · Unknown · Code-Projects Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0. Description: A problematic issue has been found in the searchuser function of the /search_resualts.php file. The manipulation of the firstname/lastname argument leads to cross site scripting. It is...
needyamin cross-site scripting vulnerability
needyamin is an open source library card borrowing system by needyamin. A cross-site scripting vulnerability exists in needyamin version 1.0, which stems from a cross-site scripting attack due to incorrect manipulation of the firstname/lastname/email/borrow/useraddress parameters...
CVE-2024-50658
A Server-Side Template Injection (SSTI) vulnerability in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in the updateuserinfo.html file...
iPublish AdPortal code injection vulnerability
iPublish AdPortal is a self-service newspaper advertising platform from iPublish, Inc. A security vulnerability exists in iPublish AdPortal version 3.0.39 that stems from the presence of server-side template injection (SSTI), which allows remote attackers to execute arbitrary code via the...
Beauty Parlour Management System Cross-Site Scripting Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...
CVE-2024-53481
A Cross-Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...
PHPGurukul Beauty Parlour Management System security vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
CVE-2024-54922
A SQL Injection was found in /admin/edituser.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...
Kashipara E-learning Management System security vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit the vulnerability to access the database by executing arbitrary SQL commands via the firstname, lastname,...
PT-2024-36438 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0. Description: A SQL injection issue was found in the /teacher signup.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database through...
Wazifa System updatesettings.php file cross-site scripting vulnerability
Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter firstname in the file /controllers/updatesettings.php, which can be exploited by an...
CVE-2024-12001
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to...
CVE-2024-12000
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. Th...
CVE-2024-12000
CVE-2024-12000 affects code-projects Blood Bank System 1.0 in the Setting Handler component. The vulnerability is a cross-site scripting (XSS) issue triggered by manipulating the firstname parameter in the /controllers/updatesettings.php file. The attack can be initiated remotely and exploits hav...
Code-Projects Blood Bank System code injection vulnerability
Code-Projects Blood Bank System is a Code-Projects open source blood bank management system. A code injection vulnerability exists in Code-Projects Blood Bank System version 1.0, which stems from a cross-site scripting attack caused by the parameter firstname in the file...
Code-Projects Wazifa System code injection vulnerability
Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter firstname in the file /controllers/updatesettings.php, which can be exploited by an...