Chen1-Boop/CVE

Releases0

CYL'S CVE Details

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63248 ↗	Nov 5, 2025Wednesday, 5 November 2025, 17:15	7.5 HIGH	—
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.
CVE-2025-60308 ↗	Oct 10, 2025Friday, 10 October 2025, 17:15	4.1 MEDIUM	—
code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing this room information
CVE-2025-60306 ↗	Oct 10, 2025Friday, 10 October 2025, 17:15	9.9 CRITICAL	—
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.
CVE-2025-60307 ↗	Oct 10, 2025Friday, 10 October 2025, 16:15	9.8 CRITICAL	—
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
CVE-2025-60305 ↗	Oct 10, 2025Friday, 10 October 2025, 16:15	8.8 HIGH	—
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.
CVE-2025-60304 ↗	Oct 9, 2025Thursday, 9 October 2025, 17:16	6.1 MEDIUM	—
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.
CVE-2025-60302 ↗	Oct 9, 2025Thursday, 9 October 2025, 16:15	6.1 MEDIUM	—
code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.
CVE-2025-56295 ↗	Sep 16, 2025Tuesday, 16 September 2025, 15:15	7.3 HIGH	—
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions.
CVE-2025-56293 ↗	Sep 16, 2025Tuesday, 16 September 2025, 15:15	5.4 MEDIUM	—
code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field.
CVE-2025-56289 ↗	Sep 16, 2025Tuesday, 16 September 2025, 15:15	5.4 MEDIUM	—
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files.
CVE-2025-56280 ↗	Sep 16, 2025Tuesday, 16 September 2025, 15:15	5.4 MEDIUM	—
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information.
CVE-2025-56276 ↗	Sep 16, 2025Tuesday, 16 September 2025, 14:15	5.4 MEDIUM	—
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information.
CVE-2025-56274 ↗	Sep 15, 2025Monday, 15 September 2025, 22:15	8.1 HIGH	—
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.