Pratik Shetty

10 exploits Active since Oct 2022
CVE-2022-3502 WRITEUP LOW WRITEUP
Human Resource Management System 1.0 - XSS
A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.
CVSS 3.5
CVE-2022-42235 WRITEUP MEDIUM WRITEUP
Student Clearance System 1.0 - Stored Cross-Site Scripting in Student Registration Form
A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.
CVSS 5.4
CVE-2022-42236 WRITEUP MEDIUM WRITEUP
Merchandise Online Store 1.0 - Stored Cross-Site Scripting in Edit Account Form
A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.
CVSS 5.4
CVE-2022-42237 WRITEUP CRITICAL WRITEUP
Merchandise Online Store 1.0 - SQL Injection
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
CVSS 9.8
CVE-2022-42238 WRITEUP HIGH WRITEUP
Merchandise Online Store 1.0 - Vertical Privilege Escalation via Direct Request
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
CVSS 8.8
CVE-2022-42991 WRITEUP MEDIUM WRITEUP
Simple Online Public Access Catalog 1.0 - Stored Cross-Site Scripting via Edit Account Full Name Field
A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.
CVSS 5.4
CVE-2022-42992 WRITEUP MEDIUM WRITEUP
Train Scheduler App v1.0 - Stored Cross-Site Scripting via Train Code, Train Name, and Destination Fields
Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.
CVSS 5.4
CVE-2022-42993 WRITEUP MEDIUM WRITEUP
Password Storage Application v1.0 - Cross-Site Scripting via Setup Page
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.
CVSS 5.4
CVE-2023-3986 WRITEUP LOW WRITEUP
Simple Online Men's Salon Management System 1.0 - Stored Cross-Site Scripting via User List Page
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.
CVSS 2.4
CVE-2023-3987 WRITEUP MEDIUM WRITEUP
Simple Online Men's Salon Management System 1.0 - SQL Injection via /admin/?page=user/manage_user id Parameter
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.
CVSS 6.3