10 matches found
CVE-2025-8337 code-projects Simple Car Rental System add_vehicles.php cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/addvehicles.php. The manipulation of the argument carname leads to cross site scripting. The attack may be initiated...
CVE-2025-8337
CVE-2025-8337 affects Code-Projects Simple Car Rental System 1.0. The vulnerability is in the file /admin/add_vehicles.php where manipulation of the car_name argument can lead to a cross-site scripting (XSS) vulnerability. The attack can be initiated remotely and exploits have been publicly discl...
CVE-2025-4888 code-projects Pharmacy Management System Add Order Details take_order buffer overflow
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::takeorder of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has be...
CVE-2025-4547 SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...
CVE-2025-3244
CVE-2025-3244 affects SourceCodester Web-based Pharmacy Product Management System 1.0. The vulnerability is in the Create User Page’s file /add-admin.php, where manipulation of the Avatar parameter enables unrestricted file upload, with remote exploitation reported. Several connected sources conf...
CVE-2025-3147 PHPGurukul Boat Booking System add-subadmin.php sql injection
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has bee...
Mysiteforme 安全漏洞
Mysiteforme is a permissions management system for wangl1989 individual developers. A security vulnerability exists in Mysiteforme versions prior to 2025.01.01, which stems from the inclusion of a fastjson deserialization vulnerability discovered via the component system/table/add...
Mozilla Firefox Blocks Malicious Add-ons Installed by 455K Users
Mozilla’s Firefox team has blocked add-ons that were abusing the proxy API in order to prevent around 455,000 users from updating their browsers. In a Monday post, Mozilla’s development team members Rachel Tublitz and Stuart Colville said that they’d discovered the misbehaving add-ons in early...
Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates
In a Firefox security announcement, Mozilla said 455,000 users have downloaded Firefox add-ons that interfere with how they connect to the internet. The interference in itself was not the deciding factor, however. The add-ons abused the proxy API to prevent users who had installed them from...
Malicious Firefox Add-ons Block Browser From Downloading Security Updates
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users w...