29 matches found
EUVD-2022-46041
Malicious code in bioql PyPI...
EUVD-2022-43124
Malicious code in bioql PyPI...
EUVD-2022-46128
Malicious code in bioql PyPI...
CVE-2022-43079
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
CVE-2022-42992
Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...
CVE-2022-3774
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
CVE-2022-43079
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
CVE-2022-43079
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
CVE-2022-43079
CVE-2022-43079 documents a cross-site scripting (XSS) vulnerability in Train Scheduler App v1.0. The flaw occurs in the /admin/add-fee.php endpoint, via a crafted payload injected into the cmddept parameter, enabling execution of arbitrary web scripts/HTML. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S...
CVE-2022-43079
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
PT-2022-26742 · Unknown · Train Scheduler App
Name of the Vulnerable Software and Affected Versions: Train Scheduler App version 1.0. Description: A cross-site scripting (XSS) issue exists in the /admin/add-fee.php endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
Train Scheduler App cross-site scripting vulnerability
Train Scheduler App is a train scheduling application by Carlo Montero, an individual developer. A security vulnerability exists in Train Scheduler App v1.0, which stems from a cross-site scripting (XSS) vulnerability in /admin/add-fee. An attacker can exploit this vulnerability to execute...
CVE-2022-43079
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
CVE-2022-3774
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
CVE-2022-3774
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
Design/Logic Flaw
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
CVE-2022-3774
CVE-2022-3774 affects SourceCodester Train Scheduler App 1.0. The vulnerability is an Insecure Direct Object Reference (IDOR) in the endpoint /train_scheduler_app/?action=delete, where the id parameter allows improper control of resource identifiers. Multiple sources (NVD, Red Hat, CVE listings, ...
CVE-2022-3774 SourceCodester Train Scheduler App resource injection
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
Train Scheduler App security vulnerability
Train Scheduler App is a train scheduling application by Carlo Montero, an individual developer. A security vulnerability exists in Train Scheduler App version 1.0. It affects an unknown function in the file /trainschedulerapp/?action=delete, where manipulation of the parameter id can...