ReportizFlow
Filtered by vendor Janobe
Subscriptions
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44812 | 2 Janobe, Sourcecodester | 2 Online Complaint Site, Online Complaint Site | 2024-10-25 | 9.8 Critical |
| SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | ||||
| CVE-2024-8089 | 2 E-commerce System Project, Janobe | 2 E-commerce System, E-commerce System | 2024-08-27 | 6.3 Medium |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8087 | 2 Janobe, Sourcecodester | 2 E-commerce System, Ecommerce System | 2024-08-27 | 6.3 Medium |
| A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8086 | 2 E-commerce System Project, Janobe | 2 E-commerce System, E-commerce System | 2024-08-27 | 7.3 High |
| A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7947 | 2 Janobe, Sourcecodester | 2 Point Of Sales And Inventory Management System, Point Of Sales And Inventory Management System | 2024-08-21 | 7.3 High |
| A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-33993 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'. | ||||
| CVE-2024-33992 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'. | ||||
| CVE-2024-33991 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'. | ||||
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | ||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | ||||
| CVE-2024-33985 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'. | ||||
| CVE-2024-33986 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'. | ||||
| CVE-2024-33987 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'. | ||||
| CVE-2024-33988 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'. | ||||
| CVE-2024-33984 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'. | ||||
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | ||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | ||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'. | ||||
| CVE-2024-33977 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'. | ||||
| CVE-2024-33976 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'. | ||||