41 matches found
Edoc-doctor-appointment-system 安全漏洞
Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version 1.0.1, which stems from an unfiltered title parameter in admin/add-session.php, which could lead to a cross-site...
CVE-2025-66918
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...
CVE-2025-66918
The CVE-2025-66918 entry concerns edoc-doctor-appointment-system v1.0.1 with a Cross Site Scripting (XSS) flaw in admin/add-session.php via the title parameter. The vulnerability is triggered by unsanitized user input in the title field, enabling script injection. Documents consistently describe ...
CVE-2025-65358
Edoc-doctor-appointment-system v1.0.1 contains an SQL injection via the docid parameter in /admin/appointment.php. The root cause is unsanitized user input enabling attackers to manipulate queries, resulting in a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented in multi...
EUVD-2022-39251
Malicious code in bioql PyPI...
EUVD-2022-39253
Malicious code in bioql PyPI...
EUVD-2022-39252
Malicious code in bioql PyPI...
EUVD-2022-39250
Malicious code in bioql PyPI...
EUVD-2022-39249
Malicious code in bioql PyPI...
CVE-2022-36547
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting XSS vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery CSRF via /patient/settings.php...
CVE-2022-36545
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...
CVE-2022-36542
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...
CVE-2022-36544
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...
CVE-2022-36543
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
CVE-2022-36544
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery CSRF via /patient/settings.php...
CVE-2022-36545
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...