Ivan Cese

9 exploits, active since Oct 2025
CVE-2025-60311 WRITEUP HIGH
ProjectWorlds Gym Management System 1.0 - SQL Injection
ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page.
CVSS 8.8
CVE-2025-60312 WRITEUP MEDIUM
Sourcecodester Markdown to HTML Converter v1.0 - XSS
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button.
CVSS 6.1
CVE-2025-60313 WRITEUP MEDIUM
Sourcecodester Link Status Checker 1.0 - XSS
Sourcecodester Link Status Checker 1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Enter URLs to check" input field. This allows a remote attacker to execute arbitrary code.
CVSS 6.1
CVE-2025-60314 WRITEUP MEDIUM
Configuroweb Sistema Web de Inventario 1.0 - XSS
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto), allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript.
CVSS 5.4
CVE-2025-60316 WRITEUP CRITICAL
SourceCodester Pet Grooming <1.0 - SQL Injection
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.
CVSS 9.4
CVE-2025-60318 WRITEUP MEDIUM
SourceCodester Pet Grooming Mgmt <1.0 - XSS
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields.
CVSS 6.1
CVE-2025-63638 WRITEUP MEDIUM
Sourcecodester AI-Powered To-Do List App v1.0 - XSS
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary, potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.
CVSS 6.1
CVE-2025-63639 WRITEUP MEDIUM
Sourcecodester FAQ Bot with AI Assistant v1.0 - XSS
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.
CVSS 6.1
CVE-2025-63640 WRITEUP MEDIUM
Sourcecodester Medicine Reminder App v1.0 - XSS
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary, potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button.
CVSS 6.1