Shodan
Vulnerabilities
Vulnerable Software
Oretnom23:  Security Vulnerabilities
CVE-2024-34223
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-14
CVE-2024-34224
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.
CVSS Score
7.3
EPSS Score
0.011
Published
2024-05-14
CVE-2024-34225
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-14
CVE-2024-34226
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.
CVSS Score
9.4
EPSS Score
0.003
Published
2024-05-14
CVE-2024-34220
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-14
CVE-2024-33302
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-05-02
CVE-2024-33303
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-05-02
CVE-2024-33304
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-05-01
CVE-2023-23021
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-05-01
CVE-2023-23022
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-05-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved