jaychou8023

5 exploits Active since Nov 2024
CVE-2024-11996 WRITEUP LOW WRITEUP
Farmacia 1.0 - XSS
A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 3.5
CVE-2024-11997 WRITEUP LOW WRITEUP
Farmacia 1.0 - XSS
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-11998 WRITEUP MEDIUM WRITEUP
Farmacia 1.0 - SQL Injection
A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-12000 WRITEUP LOW WRITEUP
Code-projects Blood Bank System - Code Injection
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 3.5
CVE-2024-12001 WRITEUP LOW WRITEUP
Anisha Wazifa System - Code Injection
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 3.5