Filtered by vendor Oretnom23
Subscribe
Total
169 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31704 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2023-10-04 | N/A | 9.8 CRITICAL |
| Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. | |||||
| CVE-2023-34581 | 1 Oretnom23 | 1 Service Provider Management System | 2023-10-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | |||||
| CVE-2022-45033 | 1 Oretnom23 | 1 Expense Tracker | 2023-09-30 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | |||||
| CVE-2023-44048 | 1 Oretnom23 | 1 Expense Tracker | 2023-09-30 | N/A | 5.4 MEDIUM |
| Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | |||||
| CVE-2023-30415 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-09-29 | N/A | 9.8 CRITICAL |
| Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | |||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2023-09-26 | N/A | 9.8 CRITICAL |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | |||||
| CVE-2023-43456 | 1 Oretnom23 | 1 Service Provider Management System | 2023-09-25 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. | |||||
| CVE-2023-36159 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-09-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | |||||
| CVE-2023-33592 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-09-25 | N/A | 9.8 CRITICAL |
| Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | |||||