CVE-2023-48322 WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS. This issue affects eDoc Employee Job Application – Best WordPress Job Manager for...
CVE-2023-48322
CVE-2023-48322 affects the WordPress plugin “eDoc Employee Job Application – Best WordPress Job Manager for Employees” (versions up to and including 1.13). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Public source...
PT-2023-30783 · WordPress · Edoc Employee Job Application
Name of the Vulnerable Software and Affected Versions: eDoc Employee Job Application – Best WordPress Job Manager for Employees versions 1.13 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allo...
eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting
Description: The eDoc Employee Job Application – Best WordPress Job Manager for Employees plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping. This makes ...
WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)
Software: eDoc Employee Job Application; Type: Plugin; Vulnerable versions: = 1.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-48322; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 60cde4f35857; Credits: DoYeon Park p6rkdoye0...
[NetScaler] Graceful disable service may trigger TCP RESET immediately
According to eDoc: Graceful shutdown of services. If we disable an HTTP service with the following command: disable service HTTPSvcName 0 -graceFul YES, we expect to see all ESTABLISHED connections alive. But in real cases, we may see some connections get a TCP RST from NetScaler ADC immediately...
CVE-2023-1057
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to SQL injection. VDB-221822 is the identifier assigned to this vulnerabili...
PT-2023-16724 · Sourcecodester · Sourcecodester Doctors Appointment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Doctors Appointment System version 1.0. Description: A critical issue was found in the system, affecting the edoc function of the login.php file. The manipulation of the usermail argument leads to SQL injection. Recommendations:...
CVE-2022-36202
Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php file is affected by a Broken Access Control IDOR via the id= parameter...
PT-2022-23258 · Unknown · Doctor Appointment System
Name of the Vulnerable Software and Affected Versions: Doctor's Appointment System version 1.0. Description: The issue concerns Incorrect Access Control, specifically Broken Access Control IDOR, in the settings.php file located at the /edoc/patient/ endpoint. The vulnerability is exploited via the...
CVE-2022-36547
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field...
CVE-2022-36544
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
CVE-2022-36545
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php...