665 matches found
CVE-2024-8154
The CVE-2024-8154 issue affects SourceCodester QR Code Bookmark System 1.0. Affected is the unknown function in /endpoint/update-bookmark.php (Parameter Handler). Manipulating the arguments tbl_bookmark_id, name, or url leads to cross-site scripting. Attacks can be launched remotely, and the expl...
CVE-2024-8154 SourceCodester QR Code Bookmark System Parameter update-bookmark.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site...
CVE-2024-8153 SourceCodester QR Code Bookmark System delete-bookmark.php cross site scripting
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated...
CVE-2024-8152 SourceCodester QR Code Bookmark System Parameter add-bookmark.php cross site scripting
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting...
CVE-2024-8152
SourceCodester QR Code Bookmark System 1.0 is affected by CVE-2024-8152 through the /endpoint/add-bookmark.php Parameter Handler. The vulnerability arises from manipulating the name/url argument, enabling cross-site scripting (XSS). Exploitation can be performed remotely, and the exploit has been...
QR Code Bookmark System cross-site scripting vulnerability
QR Code Bookmark System is a QR code bookmark system by rems individual developers. A cross-site scripting vulnerability exists in SourceCodester QR Code Bookmark System version 1.0, which originates from a cross-site scripting vulnerability in the tbl_bookmark_id/name/url parameter of the...
PT-2024-38839 · Unknown · Sourcecodester Qr Code Bookmark System
Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0 Description: A vulnerability was found in the SourceCodester QR Code Bookmark System, affecting the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the...
QR Code Bookmark System cross-site scripting vulnerability
QR Code Bookmark System is a QR code bookmark system by rems individual developers. A cross-site scripting vulnerability exists in version 1.0 of the QR Code Bookmark System, which stems from a cross-site scripting vulnerability in the bookmark parameter of the /endpoint/delete-bookmark.php file...
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...
CVE-2024-41658 GHSL-2024-036: Reflected XSS in QrCodePage.js
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...
Casdoor security vulnerability
Casdoor is an open source platform that supports multiple authentication and authorization protocols by Casdoor Open Source. A security vulnerability exists in Casdoor version 1.577.0 and prior versions, which stems from the purchase URL used to generate a QR code for WeChat Payment is susceptibl...
CVE-2024-40892 Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the...
Security Vulnerabilities fixed in Firefox for iOS 129 — Mozilla
Long pressing on a download link could potentially provide a means for cross-site scripting. The contextual menu for links could provide an opportunity for cross-site scripting attacks. When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to...
CVE-2024-7027
The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers t...
CVE-2024-31802
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...
CVE-2024-31802
CVE-2024-31802 affects DESIGNA ABACUS v18 and earlier. The root cause allows bypassing the payment process via a crafted QR code. A fix is available in v19+, with PT-Security recommending updating to a version that includes the patch; earlier guidance suggests restricting QR payments as a tempora...