CVE-2022-42992
CVE-2022-42992 describes multiple stored XSS vulnerabilities in Train Scheduler App v1.0. The attack surface includes the Train Code, Train Name, and Destination text fields, where crafted payloads can be injected to trigger arbitrary web scripts/HTML when viewed by users. Public references in co...
CVE-2022-3774
CVE-2022-3774 affects SourceCodester Train Scheduler App 1.0. The vulnerability is an Insecure Direct Object Reference (IDOR) in the endpoint /train_scheduler_app/?action=delete, where the id parameter allows improper control of resource identifiers. Multiple sources (NVD, Red Hat, CVE listings, ...
CVE-2022-43079
CVE-2022-43079 documents a cross-site scripting (XSS) vulnerability in Train Scheduler App v1.0. The flaw occurs in the /admin/add-fee.php endpoint, via a crafted payload injected into the cmddept parameter, enabling execution of arbitrary web scripts/HTML. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S...