Security Vulnerabilities - CVEs Published In August 2024
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-08-20
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-08-20
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php.
CVSS Score
8.8
EPSS Score
0.045
Published
2024-08-20
7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.4
EPSS Score
0.002
Published
2024-08-20
Servision - CWE-287: Improper Authentication
CVSS Score
8.2
EPSS Score
0.003
Published
2024-08-20
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-08-20
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-20
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score
4.3
EPSS Score
0.002
Published
2024-08-20
Priority – CWE-552: Files or Directories Accessible to External Parties
CVSS Score
4.4
EPSS Score
0.002
Published
2024-08-20
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVSS Score
6.1
EPSS Score
0.003
Published
2024-08-20