16049 matches found

RedhatCVE
added 2025/11/08 12:55 a.m. | 5 views

CVE-2025-63713

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...

6.1 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/08 12:55 a.m. | 12 views

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

6.1 CVSS | 6.3 AI score | 0.00041 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/08 12:55 a.m. | 6 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

6.1 CVSS | 5.9 AI score | 0.00041 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/11/07 9:31 p.m. | 4 views

EUVD-2025-38296

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

5.4 AI score | 0.00041 EPSS
Exploits: 1 | References: 3

OSV
added 2025/11/07 8:15 p.m. | 4 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

6.1 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/07 8:15 p.m. | 3 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

6.1 CVSS | 0.00041 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/07 7:16 p.m. | 2 views

CVE-2025-63717

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

6.5 CVSS | 0.00028 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/11/07 6:30 p.m. | 4 views

EUVD-2025-38260

Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

6 AI score | 0.00048 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/11/07 6:30 p.m. | 4 views

EUVD-2025-38258

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

7.9 AI score | 0.00039 EPSS
Exploits: 1 | References: 3

OSV
added 2025/11/07 6:15 p.m. | 3 views

CVE-2025-63713

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...

6.1 CVSS | 5.9 AI score | 0.00067 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/07 6:15 p.m. | 2 views

CVE-2025-63713

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...

6.1 CVSS | 0.00067 EPSS
Exploits: 1 | References: 2

OSV
added 2025/11/07 6:15 p.m. | 2 views

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

6.5 CVSS | 6.1 AI score | 0.00039 EPSS
Exploits: 1 | References: 2

OSV
added 2025/11/07 6:15 p.m. | 2 views

CVE-2025-63714

Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

6.1 CVSS | 6.2 AI score | 0.00048 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/07 6:15 p.m. | 2 views

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

6.5 CVSS | 0.00039 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/07 1:15 p.m. | 2 views

CVE-2025-12853

A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...

9.8 CVSS | 0.00029 EPSS
Exploits: 1 | References: 5

CVE
added 2025/11/07 12:32 p.m. | 9 views

CVE-2025-12853

The CVE-2025-12853 issue affects SourceCodester Best House Rental Management System version 1.0, specifically the delete_house function in /admin_class.php. A manipulation of the ID parameter enables SQL injection, with remote exploitability and publicly disclosed exploits. Multiple feeds corrobo...

9.8 CVSS | 6.7 AI score | 0.00029 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/11/07 12:32 p.m. | 7 views

CVE-2025-12853 SourceCodester Best House Rental Management System admin_class.php delete_house sql injection

A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...

5.8 CVSS | 0.00029 EPSS
Exploits: 1 | References: 5

CVE
added 2025/11/07 12:0 a.m. | 7 views

CVE-2025-63713

CVE-2025-63713 affects SourceCodester MatchMaster 1.0. The Red Hat, ENISA EUVD, NVD and other records describe a Cross-Site Scripting (XSS) vulnerability caused by insufficient sanitization of user input in the custom test creation feature (test titles and matching pair items). The flaw allows re...

6.1 CVSS | 5.5 AI score | 0.00067 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/11/07 12:0 a.m. | 9 views

CVE-2025-63718

The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...

6.5 CVSS | 8.1 AI score | 0.00039 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/11/07 12:0 a.m. | 3 views

Sourcecodester Medicine Reminder App security vulnerability

SourceCodester Medicine Reminder App is an open source medication reminder application from SourceCodester. A security vulnerability exists in version 1.0 of the Sourcecodester Medicine Reminder App, which stems from the Medicine Name and Notes (Optional) fields not properly filtering inputs, which...

6.1 CVSS | 6 AI score | 0.00041 EPSS
Exploits: 1 | References: 2