ReportizFlow
Filtered by vendor Sourcecodester
Subscriptions
Total
451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63713 | 2 Remyandrade, Sourcecodester | 2 Matching Type Test, Matchmaster | 2025-11-18 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution. | ||||
| CVE-2025-12926 | 2 Janobe, Sourcecodester | 2 Farm Management System, Farm Management System | 2025-11-18 | 6.3 Medium |
| A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-12929 | 2 Oretnom23, Sourcecodester | 2 Survey Application System, Survey Application System | 2025-11-18 | 7.3 High |
| A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-12930 | 2 Janobe, Sourcecodester | 2 Food Ordering System, Food Ordering Management System | 2025-11-18 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-12931 | 2 Janobe, Sourcecodester | 2 Food Ordering System, Food Ordering Management System | 2025-11-18 | 6.3 Medium |
| A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-63712 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Product Expiry Management System | 2025-11-18 | 4.5 Medium |
| Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection. | ||||
| CVE-2025-63709 | 2 Chuck24, Sourcecodester | 2 Simple To-do List System, Simple Todo List System | 2025-11-18 | 4.6 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser. | ||||
| CVE-2025-10081 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Management System | 2025-11-17 | 4.7 Medium |
| A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-10085 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10083 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium |
| A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10087 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-63714 | 2 Remyandrade, Sourcecodester | 2 Modern User Account Generator, User Account Generator | 2025-11-17 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users. | ||||
| CVE-2025-63639 | 2 Remyandrade, Sourcecodester | 2 Faq Bot With Ai Assistant, Faq Bot With Ai Assistant | 2025-11-17 | 6.1 Medium |
| The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation. | ||||
| CVE-2025-63638 | 2 Remyandrade, Sourcecodester | 2 Ai-powered To-do List App, Ai Powered To Do List App | 2025-11-17 | 6.1 Medium |
| Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button. | ||||
| CVE-2025-63717 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.5 Medium |
| The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers to trick authenticated users into unknowingly changing their passwords. | ||||
| CVE-2025-63718 | 2 Pamzey, Sourcecodester | 2 Patients Waiting Area Queue Management System, Patient Queue Management System | 2025-11-17 | 6.5 Medium |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | ||||
| CVE-2025-63716 | 2 Rems, Sourcecodester | 2 Leads Manager Tool, Leads Manager Tool | 2025-11-17 | 6.5 Medium |
| The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints. | ||||
| CVE-2025-63710 | 2 Pijey, Sourcecodester | 2 Simple Public Chat Room, Simple Public Chat Room | 2025-11-17 | 6.5 Medium |
| The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an authenticated user, will automatically submit a forged POST request to the vulnerable endpoint. This request will be executed with the victim's privileges, allowing the attacker to perform unauthorized actions on their behalf, such as sending arbitrary messages in any chat room. | ||||
| CVE-2025-63711 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2025-11-17 | 7.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST requests containing a user_id parameter and does not enforce request origin or anti-CSRF tokens. Because the endpoint lacks proper authentication/authorization checks and CSRF protections, a remote attacker can craft a malicious page that triggers deletion when visited by an authenticated admin, resulting in arbitrary removal of user accounts. | ||||
| CVE-2025-63640 | 2 Rems, Sourcecodester | 2 Medicine Reminder App, Medicine Reminder App | 2025-11-17 | 6.1 Medium |
| Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button. | ||||