Filtered by vendor Oretnom23
Total: 628 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-40686 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php. | ||||
CVE-2025-40685 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php. | ||||
CVE-2025-40684 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country.php. | ||||
CVE-2025-40683 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php. | ||||
CVE-2025-40682 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 9.8 Critical |
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint. | ||||
CVE-2024-5385 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2025-07-30 | 2.4 Low |
A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-266303. | ||||
CVE-2024-40394 | 2 Oretnom23, Sourcecodester | 2 Simple Library Management System, Simple Library Management System | 2025-07-09 | 9.8 Critical |
Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. | ||||
CVE-2025-6869 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 4.7 Medium |
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6867 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 4.7 Medium |
A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6868 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 4.7 Medium |
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6873 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 4.7 Medium |
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6872 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 4.7 Medium |
A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6871 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 7.3 High |
A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6870 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 4.7 Medium |
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-24653 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 8.8 High |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. | ||||
CVE-2023-24728 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 8.8 High |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. | ||||
CVE-2023-24731 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 8.8 High |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. | ||||
CVE-2023-24655 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 9.8 Critical |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. | ||||
CVE-2023-24364 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 8.8 High |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. | ||||
CVE-2023-24652 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 8.8 High |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. |