Exploit Database
145,273 exploits tracked across all sources.
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
by sanupl
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
by sanupl
CVSS 4.8
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
by sanupl
CVSS 4.8
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
by sanupl
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
by sanupl
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
by sanupl
CVSS 4.8
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
by sanupl
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
by sanupl
CVSS 4.8
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
by sanupl
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
by sanupl
CVSS 7.2
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
by sanupl
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file to multiple endpoints, leading to Code Execution.
by sanupl
CVSS 8.8
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
by y0naldez
CVSS 5.3
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file to multiple endpoints, leading to Code Execution.
by sanupl
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
by sanupl
CVSS 4.8
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
by sanupl
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection.
by sanupl
CVSS 7.2
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection.
by sanupl
Vehicle Service Management System 1.0 - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.
by sanupl
Vehicle Service Management System 1.0 - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.
by sanupl
CVSS 4.8
In Vehicle Service Management System 1.0 - Info Disclosure
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
by sanupl
CVSS 9.8
In Vehicle Service Management System 1.0 - Info Disclosure
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
by sanupl
Exim 4.97-4.99.2 - Unauthenticated Use-After-Free via TLS Close Notify During CHUNKING Transfer
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
by liamromanis101
CVSS 9.8
Themeqx LetterPress <= 1.2.1 - Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS. This issue affects LetterPress: from n/a through 1.2.1.
by sanupl
immich has Stored XSS via OCR Text in 360° Panorama Viewer
immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR overlay enabled. The attacker uploads an equirectangular image containing crafted text; OCR extracts it, and the panorama viewer renders it via innerHTML without sanitization. This enables session hijacking (via persistent API key creation), private photo exfiltration, and access to GPS location history and face biometric data. This vulnerability is fixed in 2.7.0.
by emanuelepns
CVSS 7.3