Lucene search
K

148 matches found

Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.4 views

PT-2023-15569 · Unknown · Tramyardg Hotel-Mgmt-System

Name of the Vulnerable Software and Affected Versions: Tramyardg hotel-mgmt-system version 2022.4 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It can be exploited via the process update profile.php file. Recommendations: For Tramyardg hotel-mgmt-system version 2022.4,...

5.4CVSS5.3AI score0.00447EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/01/13 12:0 a.m.7 views

CVE-2022-48091

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...

5.3AI score0.00447EPSS
Exploits1References1
Prion
Prion
added 2022/12/25 8:15 p.m.17 views

Sql injection

A vulnerability was found in barronwaffles dwcnetworkserveremulator. It has been declared as critical. This vulnerability affects the function updateprofile of the file gamespy/gsdatabase.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated...

7.5CVSS9.8AI score0.00679EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.4 views

dwc_network_server_emulator SQL注入漏洞

dwcnetworkserveremulator is a Nintendo DS and Wii online multiplayer server emulator by barronwaffles individual developer. An SQL injection vulnerability exists in dwcnetworkserveremulator, which stems from a problem with the function updateprofile in the file gamespy/gsdatabase.py, where...

9.8CVSS7AI score0.00679EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.6 views

PT-2022-9025 · Unknown · Dwc Network Server Emulator

Name of the Vulnerable Software and Affected Versions: barronwaffles dwc network server emulator affected versions not specified Description: A critical issue has been found in the dwc network server emulator, affecting the update profile function in the file gamespy/gs database.py. The...

9.8CVSS7.3AI score0.00679EPSS
Exploits0References8
OSV
OSV
added 2022/11/07 8:15 p.m.3 views

CVE-2022-43050

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS6AI score0.0095EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.6 views

PT-2022-26730 · Unknown · Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the update profile.php component. This allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS7.2AI score0.0095EPSS
Exploits1References3
OSV
OSV
added 2022/09/19 9:15 p.m.1 views

CVE-2022-38351

A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...

8.8CVSS5.8AI score0.0089EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/09/19 8:27 p.m.5 views

CVE-2022-38351

A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...

8.8CVSS8.6AI score0.0089EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.8 views

PT-2022-24382 · Suprema · Suprema Biostar 2

Name of the Vulnerable Software and Affected Versions: Suprema BioStar aka Bio Star 2 version 2.8.16 Description: A vulnerability in the software allows attackers to escalate privileges to System Administrator via a crafted PUT request to the "update profile page" API endpoint. This issue enables...

8.8CVSS8.7AI score0.0089EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/10/04 7:15 p.m.3 views

CVE-2021-41651

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in processupdateprofile.php...

7.5CVSS7.2AI score0.0234EPSS
Exploits2References3
OSV
OSV
added 2021/10/04 12:15 p.m.3 views

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...

5.4CVSS5.8AI score0.006EPSS
Exploits3References1
NVD
NVD
added 2021/07/23 6:15 p.m.17 views

CVE-2021-25791

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

5.4CVSS0.02535EPSS
Exploits3References3
OSV
OSV
added 2021/07/23 6:15 p.m.4 views

CVE-2021-25791

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

5.4CVSS5.6AI score0.02535EPSS
Exploits3References3
Prion
Prion
added 2021/07/23 6:15 p.m.16 views

Cross site scripting

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

3.5CVSS5.5AI score0.02535EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2021/07/23 5:44 p.m.16 views

CVE-2021-25791

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

5.7AI score0.02535EPSS
Exploits3References3
CVE
CVE
added 2021/07/23 5:44 p.m.111 views

CVE-2021-25791

CVE-2021-25791 affects Online Doctor Appointment System 1.0 and describes multiple stored XSS in the Update Profile module. Vulnerable component: First Name, Last Name, and Address fields where user input is stored and later rendered. Impact: authenticated users can execute arbitrary web scripts ...

5.4CVSS5.5AI score0.02535EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.7 views

Online Doctor Appointment System 跨站脚本漏洞

Online Doctor Appointment System is an online doctor appointment system developed using PHP, JavaScript and CSS. A cross-site scripting vulnerability exists in Online Doctor Appointment System 1.0 that allows an authenticated attacker to execute arbitrary web script or HTML via a crafted payload ...

5.4CVSS5.7AI score0.02535EPSS
Exploits3References4
Exploit DB
Exploit DB
added 2021/01/08 12:0 a.m.243 views

Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS

Exploit Title: Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2021-01-08 Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html Software Link:...

5.4CVSS5.6AI score0.02535EPSS
Exploits3
OSV
OSV
added 2021/01/04 6:15 p.m.22 views

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

9.8CVSS7AI score
Exploits0References3
Rows per page
Query Builder