Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6430 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6429 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6428 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6427 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6426 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6425 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6424 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6423 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6422 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6420 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6419 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6418 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6417 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6416 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6415 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:18 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6414 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:17 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6413 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:17 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6412 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:16 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6411 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:16 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6410 |
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. Published: November 30, 2023; 9:15:15 AM -0500 |
V3.x:(not available) V2.0:(not available) |