Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 5:0 a.m.11 views

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.1CVSS6.2AI score0.00271EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 6:31 p.m.3 views

GHSA-PQ95-94C9-J987 yaffa vulnerable to Cross Site Scripting

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.1CVSS6.1AI score0.00271EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/07 6:31 p.m.4 views

EUVD-2025-209275

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.2AI score0.00271EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/07 6:31 p.m.5 views

yaffa vulnerable to Cross Site Scripting

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.1CVSS6.1AI score0.00271EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/07 6:14 p.m.14 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Add Account Group process on the account-group page. An attacker can execute arbitrary JavaScript in the context of users who view the affected page by injecting malicious scripts. Details Cross-site...

6.1CVSS5.8AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 5:16 p.m.3 views

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.1CVSS0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 12:0 a.m.9 views

CVE-2025-70844

CVE-2025-70844 affects yaffa v2.0.0, with XSS in the Add Account Group function on the account-group page. The vulnerability allows injection of arbitrary JavaScript and execution in the context of viewers of the affected page. Affected component: yaffa/Account Group page; root cause: improper in...

6.1CVSS6.2AI score0.00271EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30902

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.2AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Yet Another Free Financial Application 安全漏洞

Yet Another Free Financial Application is a self-hosted web application for personal financial management and planning developed by Kantorgge’s individual developers. Version 2.0.0 of Yet Another Free Financial Application contains a security vulnerability. This vulnerability stems from the “Add...

6.1CVSS5.8AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.2 views

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.2AI score0.00271EPSS
Exploits0References2
CNVD
CNVD
added 2025/11/05 12:0 a.m.2 views

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

7.2CVSS8.2AI score0.00411EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/03 8:39 a.m.11 views

CVE-2025-12594

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...

7.2CVSS4.9AI score0.00411EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/02 9:30 a.m.6 views

EUVD-2025-37440

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...

5.8CVSS6.3AI score0.00411EPSS
Exploits1References6
OSV
OSV
added 2025/11/02 9:15 a.m.4 views

CVE-2025-12594

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References5
NVD
NVD
added 2025/11/02 9:15 a.m.7 views

CVE-2025-12594

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...

7.2CVSS0.00411EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/02 8:32 a.m.13 views

CVE-2025-12594 code-projects Simple Online Hotel Reservation System add_account.php sql injection

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...

5.8CVSS0.00411EPSS
Exploits1References5
CVE
CVE
added 2025/11/02 8:32 a.m.16 views

CVE-2025-12594

The CVE-2025-12594 entry concerns code-projects Simple Online Hotel Reservation System 2.0. A SQL injection vulnerability exists in the file /admin/add_account.php (parameter Name). Multiple connected sources confirm remote exploitation with the exploit publicly released, enabling an attacker to ...

7.2CVSS4.9AI score0.00411EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/11/02 12:0 a.m.5 views

Code-Projects Simple Online Hotel Reservation System SQL注入漏洞

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References6
CNVD
CNVD
added 2025/06/27 12:0 a.m.2 views

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter name/adminid in the file...

9.8CVSS8.3AI score0.00448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:58 a.m.5 views

CVE-2024-7749

A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument accountname leads to cross site scripting. It is possible to launch the attack...

5.4CVSS5.4AI score0.00469EPSS
Exploits1References1
Rows per page
Query Builder