Filtered by vendor Oretnom23
Subscribe
Total
564 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33304 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 6.1 MEDIUM |
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | |||||
| CVE-2024-33302 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 5.3 MEDIUM |
| SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. | |||||
| CVE-2024-33303 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 8.2 HIGH |
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | |||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-45033 | 1 Oretnom23 | 1 Expense Tracker | 2025-04-21 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | |||||
| CVE-2024-34220 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 7.5 HIGH |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | |||||
| CVE-2024-34221 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 8.8 HIGH |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | |||||
| CVE-2024-34222 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 5.9 MEDIUM |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | |||||
| CVE-2024-34223 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 4.3 MEDIUM |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | |||||
| CVE-2024-34225 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | |||||
| CVE-2024-34224 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | |||||
| CVE-2023-49983 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-49982 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 8.8 HIGH |
| Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. | |||||
| CVE-2023-49986 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 4.7 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2024-25551 | 1 Oretnom23 | 1 Simple Student Attendance System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL. | |||||
| CVE-2023-49985 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. | |||||
| CVE-2023-49984 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-49987 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. | |||||
| CVE-2024-54818 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 8.8 HIGH |
| SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | |||||
| CVE-2024-40443 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 4.3 MEDIUM |
| SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php | |||||