Filtered by vendor Oretnom23
Subscribe
Total
622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34223 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 4.3 MEDIUM |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | |||||
| CVE-2024-34225 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | |||||
| CVE-2024-34224 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | |||||
| CVE-2023-49983 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-49982 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 8.8 HIGH |
| Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. | |||||
| CVE-2023-49986 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 4.7 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2024-25551 | 1 Oretnom23 | 1 Simple Student Attendance System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL. | |||||
| CVE-2023-49985 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. | |||||
| CVE-2023-49984 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-49987 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. | |||||
| CVE-2024-54818 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 8.8 HIGH |
| SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | |||||
| CVE-2024-40443 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 4.3 MEDIUM |
| SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php | |||||
| CVE-2024-31545 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.4 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | |||||
| CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.1 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | |||||
| CVE-2024-31546 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | |||||
| CVE-2023-49540 | 1 Oretnom23 | 1 Book Store Management System | 2025-04-14 | N/A | 6.1 MEDIUM |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter. | |||||
| CVE-2023-49539 | 1 Oretnom23 | 1 Book Store Management System | 2025-04-14 | N/A | 6.1 MEDIUM |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter. | |||||
| CVE-2024-35581 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | |||||
| CVE-2024-35582 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | |||||
| CVE-2024-35583 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | |||||