2 matches found
CVE-2022-36639
A stored cross-site scripting XSS vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2022-36639
CVE-2022-36639 describes a stored XSS in Garage Management System v1.0, exploitable via /client.php name parameter. The vulnerability stems from insufficient input filtering/escaping, allowing arbitrary scripts/UIHTML when a crafted payload is submitted for the name field. Affected component: /cl...