Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting)...
6.1CVSS
6.1AI Score
0.001EPSS
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save,...
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection...
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.002EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to...
9.8CVSS
9.7AI Score
0.008EPSS
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to...
9.8CVSS
9.8AI Score
0.002EPSS
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl...
6.1CVSS
6.3AI Score
0.001EPSS