sorcha-l

4 exploits Active since Mar 2025
CVE-2025-1905 WRITEUP LOW WRITEUP
SourceCodester Employee Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 3.5
CVE-2025-1954 WRITEUP HIGH WRITEUP
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Login Username Parameter
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2025-2084 WRITEUP LOW WRITEUP
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting in Search Report Page
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-2371 WRITEUP LOW WRITEUP
Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting via regmobilenumber Parameter
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile Number Search. The manipulation of the argument regmobilenumber leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5