SourceCodester FAQ Bot with AI Assistant Security Vulnerability
SourceCodester FAQ Bot with AI Assistant is an open source question and answer bot with artificial intelligence assistant by SourceCodester. A security vulnerability exists in SourceCodester FAQ Bot with AI Assistant v1.0, which stems from improper handling of user-supplied input and could lead t...
CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...
CVE-2025-63716
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...
CVE-2025-63717
Summary: CSRF in SourceCodester Pet Grooming Management Software 1.0. The change password functionality at /pet_grooming/admin/change_pass.php is vulnerable due to missing anti-CSRF tokens and same-site cookie protections, potentially allowing attackers to trick authenticated users into changing ...
CVE-2025-63714
SourceCodester User Account Generator 1.0 contains a Cross‑Site Scripting (XSS) vulnerability in the Username Prefix field. The root cause is improper sanitization of user input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute...
SourceCodester Leads Manager Tool Security Vulnerability
SourceCodester Leads Manager Tool is an open source leads management tool from SourceCodester. A security vulnerability exists in SourceCodester Leads Manager Tool version 1.0, which stems from the lack of a CSRF protection mechanism that could lead to cross-site request forgery attacks...
SourceCodester PQMS Security Vulnerability
SourceCodester PQMS is an open source product quality management system from SourceCodester. A security vulnerability exists in SourceCodester PQMS version 1.0, which stems from improper sanitization of the appointmentID parameter in the apipatientschedule.php endpoint, which could lead to the executi...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-63639
The CVE-2025-63639 entry describes an XSS vulnerability in Sourcecodester FAQ Bot with AI Assistant v1.0, specifically in the chat feature where user input is not properly sanitized. Affected component: chat/messages handling in the FAQ Bot. Root cause: improper handling of user-supplied input le...
CVE-2025-63718
A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...
CVE-2025-63714
Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...
CVE-2025-63716
The CVE-2025-63716 entry concerns SourceCodester Leads Manager Tool v1.0, which is vulnerable to Cross-Site Request Forgery (CSRF). The root cause stated across sources is lack of CSRF protection mechanisms (no anti-CSRF tokens and no same-origin verification) on critical endpoints, enabling unau...
SourceCodester AI-Powered To-Do List App Security Vulnerability
SourceCodester AI-Powered To-Do List App is an open source, artificial intelligence-based to-do list app from SourceCodester. A security vulnerability exists in SourceCodester AI-Powered To-Do List App v1.0, which stems from the Task Title and Description Optional fields not adequately validating...
PT-2025-45474
Name of the Vulnerable Software and Affected Versions: SourceCodester User Account Generator version 1.0. Description: A Cross-Site Scripting (XSS) issue exists in SourceCodester User Account Generator version 1.0. This allows remote attackers to execute arbitrary JavaScript code within a user’s brows...
SourceCodester User Account Generator Security Vulnerability
SourceCodester User Account Generator is an open source user account generator from SourceCodester. A security vulnerability exists in SourceCodester User Account Generator version 1.0, which stems from improper input sanitization of the Username Prefix field, and could lead to a cross-site scripting...
SourceCodester Pet Grooming Management Software Security Vulnerability
SourceCodester Pet Grooming Management Software is an open source pet grooming management system from SourceCodester. A security vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, which stems from not implementing sufficient anti-CSRF tokens or same-site cookie...
PT-2025-45496
Name of the Vulnerable Software and Affected Versions: Sourcecodester FAQ Bot with AI Assistant version 1.0. Description: The application’s chat feature is susceptible to Cross-Site Scripting (XSS) because of inadequate handling of user-provided input. An attacker can inject malicious HTML or JavaScri...
CVE-2025-63713
Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...