15 matches found
EUVD-2025-12643
Malicious code in bioql PyPI...
CVE-2025-40616
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40618
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40616
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40618
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40619 Improper access control vulnerability in Bookgy
Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles...
CVE-2025-40618
The CVE-2025-40618 entry describes an SQL injection in Bookgy, exploitable via the IDRESERVA parameter in /bkg_imprimir_comprobante.php. Affected component: Bookgy web API endpoint; root cause: improper input handling allowing arbitrary SQL access. Implications shown in metrics: high impact on co...
CVE-2025-40617 SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...
CVE-2025-40616
Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...
CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40615
CVE-2025-40615 concerns Bookgy, a booking system where a reflected Cross-Site Scripting (XSS) vulnerability exists in the /api/api_ajustes.php endpoint via the TEXTO parameter. The underlying issue is a reflected XSS flaw that can cause a user’s browser to execute attacker-supplied JavaScript whe...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
PT-2025-18176 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is a SQL injection vulnerability that could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDRESERVA parameter in the...
PT-2025-18177 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a lack of proper authorization control in multiple areas of the Bookgy application. This deficiency could allow a malicious actor, without authentication, to reach...