Vulnerabilities > Oretnom23
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-15 | CVE-2022-45033 | Cross-site Scripting vulnerability in Oretnom23 Expense Tracker 1.0 A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | 5.4 |
| 2022-12-03 | CVE-2022-4278 | SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability was found in SourceCodester Human Resource Management System 1.0. | 7.2 |
| 2022-12-03 | CVE-2022-4279 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. | 6.1 |
| 2022-12-03 | CVE-2022-4273 | Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. | 9.8 |
| 2022-11-25 | CVE-2022-45218 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2022-11-16 | CVE-2022-43262 | SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0 Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | 9.8 |
| 2022-11-07 | CVE-2022-43046 | Cross-site Scripting vulnerability in Oretnom23 Food Ordering Management System 1.0 Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | 4.8 |
| 2022-11-07 | CVE-2022-42990 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | 7.2 |
| 2022-11-07 | CVE-2022-43317 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2022-11-07 | CVE-2022-43318 | SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0 Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | 8.8 |