CVE-2023-43456

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...

SourceCodester Best House Rental Management System 安全漏洞

SourceCodester Best House Rental Management System is a SourceCodester open source house rental management system. A security vulnerability exists in SourceCodester Best House Rental Management System version 1.0, which originates from the parameter lastname/firstname/middlename in the file...

CVE-2024-35352

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting...

Dino Physics School Assistant 安全漏洞

Dino Physics School Assistant is an application. A security vulnerability exists in Dino Physics School Assistant version 2.3, which stems from a cross-site scripting XSS vulnerability in the parameter middlename of the file classes/Users.php...

PT-2024-26451 · Unknown · Diño Physics School Assistant

Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting...

PT-2024-25754 · Unknown · Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: Computer Laboratory Management System version 1.0 Description: The issue concerns a Cross Site Scripting vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters in th...

CVE-2024-3140

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate th...

CVE-2024-3140 SourceCodester Computer Laboratory Management System cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate th...

PT-2024-24046 · Sourcecodester · Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Laboratory Management System version 1.0 Description: A problematic issue was found in the system, affecting an unknown part of the file /classes/Users.php?f=save. The manipulation of the middlename argument leads to...

SourceCodester Computer Laboratory Management System 跨站脚本漏洞

Computer Laboratory Management System is a computer laboratory management system. A cross-site scripting vulnerability exists in SourceCodester Computer Laboratory Management System version 1.0, which stems from a security issue in /classes/Users.php that results in cross-site scripting via the...

CVE-2023-51281

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

CVE-2023-4493

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...

CVE-2023-3659

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manageuser. The manipulation of the argument firstname/middlename leads to cross site scripting...

AC Repair and Services System 跨站脚本漏洞

AC Repair and Services System is an air conditioning repair and services system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester AC Repair and Services System version 1.0, which stems from the parameter firstname/middlename in the file...

Sales Tracker Management System 跨站脚本漏洞

Sales Tracker Management System is a sales tracking management system by Carlo Montero Personal Developer. A cross-site scripting vulnerability exists in Sales Tracker Management System version 1.0, which stems from a problem with the file /classes/Users.php?f=save, where incorrect manipulation o...

CVE-2023-30788

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName parameter...

Cross site scripting

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters...

Online Diagnostic Lab Management System 跨站脚本漏洞

Online Diagnostic Lab Management System is an online diagnostic lab management system. A cross-site scripting vulnerability exists in Online Diagnostic Lab Management System version 1.0, which originates from an XSS via the firstname, address, middlename, lastname , gender, email, contact...

Loan Management System 1.0 Cross Site Scripting

Exploit Title: Loan Management System - Stored XSS on several parameters Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There a...

CVE-2009-4848

Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 userId parameter to tvserver/server/user/setPermissions.jsp, 2 deptName parameter to...