Total
43645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7685 | 2 Mayurik, Sourcecodester | 2 Advocate Office Management System, Kortex Lite Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7684 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7683 | 2 Mayurik, Sourcecodester | 2 Advocate Office Management System, Kortex Lite Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43810 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | 4.6 Medium |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | ||||
| CVE-2024-43809 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | ||||
| CVE-2024-43807 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | 4.6 Medium |
| In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | ||||
| CVE-2024-7793 | 2 Rems, Sourcecodester | 2 Task Progress Tracker, Task Progress Tracker | 2024-08-19 | 3.5 Low |
| A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7815 | 2 Codeastro, Online Railway Reservation System Project | 2 Online Railway Reservation System, Online Railway Reservation System | 2024-08-19 | 2.4 Low |
| A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7752 | 2 Oretnom23, Sourcecodester | 2 Clinic\'s Patient Management System, Clinics Patient Management System | 2024-08-19 | 3.5 Low |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7008 | 2 Calibre, Calibre-ebook | 2 Calibre, Calibre | 2024-08-19 | 5.4 Medium |
| Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | ||||
| CVE-2024-7914 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-08-19 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7343 | 1 Baidu | 1 Ueditor | 2024-08-15 | 3.5 Low |
| A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7678 | 2 Oretnom23, Sourcecodester | 2 Car Driving School Management System, Car Driving School Management System | 2024-08-15 | 3.5 Low |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_package. The manipulation of the argument name/description/training_duration leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7677 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 3.5 Low |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument contact/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7657 | 1 Gilacms | 1 Gila Cms | 2024-08-15 | 3.5 Low |
| A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-33993 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'. | ||||
| CVE-2024-33992 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'. | ||||
| CVE-2024-33991 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'. | ||||
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | ||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | ||||