CVE

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The identifier VDB-233573 was assigned to this vulnerability.

Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.

xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).

SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component.

fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSS

A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin_class.php of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233565 was assigned to this vulnerability.

An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.

An issue in MiniTool Partition Wizard ShadowMaker v.12.7 allows an attacker to execute arbitrary code via the MTAgentService component.