Train Scheduler App Project: >> Train Scheduler App Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-11-01
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-31
Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-10-27