2 matches found
CVE-2022-3495
CVE-2022-3495 affects SourceCodester Simple Online Public Access Catalog 1.0, specifically the Admin Login endpoint /opac/Actions.php?a=login. The vulnerability is a SQL injection caused by manipulating the username/password parameters, exploitable remotely with high impact on confidentiality, in...
CVE-2022-42991
CVE-2022-42991 is a stored XSS vulnerability in Simple Online Public Access Catalog v1.0, exploitable by injecting a crafted payload into the Edit Account Full Name field. The issue allows execution of arbitrary scripts/HTML in the victim’s browser and is constrained by user interaction (UI:R) wi...