18 matches found
CVE-2020-37240
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CVE-2020-37240 Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CVE-2020-37240
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CVE-2020-37240 Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CodeKernel Token - Queue Management System 跨站脚本漏洞
CodeKernel Token - Queue Management System is a Laravel-based queueing and customer waiting list management system developed by CodeKernel. Version 4.0.0 of CodeKernel Token - Queue Management System contains a cross-site scripting vulnerability. This vulnerability stems from storage-type...
PT-2026-41440
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CVE-2021-36605
engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...
CVE-2024-42798
An Incorrect Access Control vulnerability was found in /music/index.php?page=userlist and /music/index.php?page=edituser in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account...
PT-2024-35951 · Unknown · Oretnom23 Online Car Wash Booking System
Name of the Vulnerable Software and Affected Versions: oretnom23 Online Car Wash Booking System version 1.0 Description: A problematic issue has been found in the system, affecting the processing of the file "/admin/?page=user/list". The manipulation of the argument First Name/Last Name with the...
CVE-2023-3986 SourceCodester Simple Online Mens Salon Management System cross site scripting
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. Th...
CVE-2022-4233
A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. T...
Simple Cold Storage Management System 跨站脚本漏洞
Simple Cold Storage Management System is a simple cold storage management system by Carlo Montero, an individual developer. A security vulnerability exists in Simple Cold Storage Management System version 1.0, which stems from some unknown functionality in the /csms/admin/?page=user/list file,...
Advantech R-SeeNet SQL注入漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...
engineercms cross-site scripting vulnerability
engineercms is an open source engineer knowledge management system . Specifically for civil engineers to create a suitable web-based knowledge management system . It can be used to manage both individual project information , but also for managing project team information ; it can run on both...
CVE-2021-36605
engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...
CVE-2021-36605
engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...
Cross site scripting
engineercms 1.03 is vulnerable to Cross Site Scripting XSS. There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...
engineercms 跨站脚本漏洞
engineercms is an open source engineer knowledge management system . Specifically for civil engineers to create a suitable web-based knowledge management system . It can be used to manage both individual project information , but also for managing project team information ; it can run on both...