Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/01/20 9:7 a.m.17 views

CVE-2026-1147

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/apipatientschedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attac...

5.4CVSS4.1AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 10:16 a.m.10 views

CVE-2026-1147

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/apipatientschedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attac...

5.4CVSS0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/01/19 10:16 a.m.4 views

CVE-2026-1147

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/apipatientschedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attac...

5.4CVSS4.3AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/19 9:2 a.m.6 views

CVE-2026-1147 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_patient_schedule.php cross site scripting

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/apipatientschedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attac...

5.1CVSS3.9AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.13 views

PT-2026-3430

A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api patient schedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the...

5.1CVSS4.1AI score0.00236EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.6 views

SourceCodester: Patients Waiting Area Queue Management System – Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

5.4CVSS5.7AI score0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52723

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00356EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.5 views

CVE-2024-6453

A vulnerability was found in itsourcecode Farm Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quarantine.php?id=3. The manipulation of the argument pigno/breed/reason leads to sql injection. The attack can be launch...

8.8CVSS8AI score0.00611EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.10 views

CVE-2024-54998

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...

5.4CVSS7.4AI score0.00356EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.28 views

CVE-2021-42662

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...

5.4CVSS5.7AI score0.01647EPSS
Exploits5
NVD
NVD
added 2025/01/10 9:15 p.m.10 views

CVE-2024-54998

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...

5.4CVSS0.00356EPSS
Exploits2References1
OSV
OSV
added 2025/01/10 12:0 a.m.8 views

CVE-2024-54998

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...

5.4CVSS7.3AI score0.00356EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/01/10 12:0 a.m.14 views

CVE-2024-54998

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...

0.00356EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.6 views

MonicaHQ 安全漏洞

MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version v4.1.2 that stems from the Reason parameter containing authenticated client-side injection...

5.4CVSS6.6AI score0.00356EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.5 views

Online Food Ordering System 跨站脚本漏洞

Online Food Ordering System is an online food ordering system. A cross-site scripting vulnerability exists in Online Food Ordering System, which originates from the lack of effective filtering and escaping of user-supplied data by the parameter Reason of some unknown functions of the component...

6.1CVSS6.1AI score0.00357EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.7 views

Human Resource Management System 安全漏洞

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System version 1.0, which is a cross-site scripting vulnerability due to misuse of the parameter Reason...

5.4CVSS5.4AI score0.00459EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/12/17 12:0 a.m.6 views

The vulnerability of the “Holiday reason” parameter in the online event booking system SourceCodester, which allows a perpetrator to execute JavaScript commands on behalf of a user on the web server

The vulnerability of the “Holiday reason” parameter in the online event booking system SourceCodester exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute JavaScript commands on behalf of a user on the web...

6.4CVSS6.1AI score0.01647EPSS
Exploits5References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/05 11:15 a.m.4 views

CVE-2021-42662

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...

5.4CVSS5.8AI score0.01647EPSS
Exploits5References5
CNVD
CNVD
added 2018/01/15 12:0 a.m.5 views

DragonByte Technologies vbActivity for vBulletin Cross-Site Scripting Vulnerability

DragonByte Technologies vbActivity for vBulletin is a module with polling and rating functionality for vBulletin, an open source commercial web forum program from DragonByte Technologies, Scotland. A cross-site scripting vulnerability exists in DragonByte Technologies vbActivity for vBulletin...

6.1CVSS5.9AI score0.01669EPSS
Exploits0References1
NVD
NVD
added 2018/01/11 8:29 p.m.19 views

CVE-2012-6670

Multiple cross-site scripting XSS vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in 1 actions/nominatemedal.php or 2 actions/requestmedal.php...

6.1CVSS6.1AI score0.01669EPSS
Exploits0References4
Rows per page
Query Builder