Janobe

Young Entrepreneur E-negosyo System

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-33978

  • EPSS 0.24%
  • Veröffentlicht 06.08.2024 11:16:06
  • Zuletzt bearbeitet 15.08.2024 16:54:57

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.

6.1

CVE-2024-33975

  • EPSS 0.29%
  • Veröffentlicht 06.08.2024 11:16:05
  • Zuletzt bearbeitet 15.08.2024 16:50:35

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session ...

6.1

CVE-2024-33976

  • EPSS 0.29%
  • Veröffentlicht 06.08.2024 11:16:05
  • Zuletzt bearbeitet 15.08.2024 16:51:02

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session ...

6.1

CVE-2024-33977

  • EPSS 0.17%
  • Veröffentlicht 06.08.2024 11:16:05
  • Zuletzt bearbeitet 15.08.2024 16:53:04

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'.

7.5

CVE-2024-33957

  • EPSS 0.25%
  • Veröffentlicht 06.08.2024 11:16:04
  • Zuletzt bearbeitet 15.08.2024 16:47:12

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' p...

7.5

CVE-2024-33958

  • EPSS 0.24%
  • Veröffentlicht 06.08.2024 11:16:04
  • Zuletzt bearbeitet 15.08.2024 16:49:23

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' ...