Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-1036: bug_report/XSS-1.md at main · nightcloudos/bug_report

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#auth#chrome#webkit
CVE-2023-1041: bug_report/XSS-1.md at main · verylazycat/bug_report

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799.

CVE-2023-0932: Chromium: CVE-2023-0932 Use after free in WebRTC

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2021-34248: Mobile Shop System 1.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.

CVE-2021-34249: Offensive Security’s Exploit Database Archive

SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL.

Music Gallery Site 1.0 SQL Injection

Music Gallery Site version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Music Gallery Site 1.0 Privilege Escalation / Missing Authentication

Music Gallery Site version 1.0 suffers from a missing authentication vulnerability that allows for privilege escalation.

Employee Task Management System 1.0 SQL Injection

Employee Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Employee Task Management System 1.0 Privilege Escalation

Employee Task Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.

Auto Dealer Management System 1.0 SQL Injection

Auto Dealer Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.