CVE-2023-3854 phpscriptpoint BloodBank POST Parameter search sql injection

A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/bloodgroupid leads to sql injection. It is possible to launch the attac...

CVE-2023-3854

CVE-2023-3854 affects phpscriptpoint BloodBank 1.1. The vulnerability is an SQL injection in the /search endpoint’s POST Parameter Handler, where manipulating the country, city, or blood_group_id arguments enables remote exploitation. Multiple sources corroborate the issue but do not provide a fi...

CVE-2023-3853

CVE-2023-3853 affects phpscriptpoint BloodBank 1.1. The connected sources consistently describe a Cross-Site Scripting vulnerability in BloodBank 1.1 arising from unsafely processed data in the file page.php, enabling injection of arbitrary HTML/ scripts. The issue is exploitable remotely (attack...

CVE-2023-3853 phpscriptpoint BloodBank page.php cross site scripting

A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this...

CVE-2023-3853 phpscriptpoint BloodBank page.php cross site scripting

A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this...

PT-2023-26500 · Unknown · Phpscriptpoint Bloodbank

Name of the Vulnerable Software and Affected Versions: phpscriptpoint BloodBank version 1.1 Description: A problem was found in the processing of the file page.php, which can lead to cross site scripting. The attack may be initiated remotely. The vendor was contacted about this issue but did not...

PT-2023-26507 · Unknown · Phpscriptpoint Jobseeker

Name of the Vulnerable Software and Affected Versions: phpscriptpoint JobSeeker version 1.5 Description: A problematic vulnerability was found in the /search-result.php file, where the manipulation of the kw, lc, ct, cp, p arguments leads to cross-site scripting. The attack can be launched...

Ecommerce 1.15 Cross Site Scripting

Exploit Title: Ecommerce 1.15 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/ecommerce/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

JobSeeker 1.5 Cross Site Scripting

Exploit Title: JobSeeker 1.5 - Reflected XSS Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/jobseeker/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

Lawyer CMS 1.6 Cross Site Scripting

Exploit Title: Lawyer CMS 1.6 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/lawyer/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

Carlisting 1.6 Cross Site Scripting

Exploit Title: Carlisting 1.6 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/carlisting/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Th...

Insurance 1.2 Cross Site Scripting

Exploit Title: Insurance 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/insurance/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

BloodBank 1.1 Cross Site Scripting

Exploit Title: BloodBank 1.1 - Reflected XSS Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/bloodbank/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

BloodBank 1.1 SQL Injection

Exploit Title: BloodBank 1.1 - SQL Injection Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/bloodbank/ Tested on: Windows 10 Pro Impact: Database Access Description SQL injection attacks c...