A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launch...
3.5CVSS
4AI Score
0.0004EPSS
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
7.2CVSS
7.5AI Score
0.001EPSS
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
6.1CVSS
7.2AI Score
0.002EPSS
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
9.8CVSS
9.8AI Score
0.003EPSS
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
9.8CVSS
9.3AI Score
0.006EPSS