ChuckBartowski7/Vulnerability-Research

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63639 ↗	Nov 7, 2025Friday, 7 November 2025, 20:15	6.1 MEDIUM	—
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.
CVE-2025-63640 ↗	Nov 7, 2025Friday, 7 November 2025, 20:15	6.1 MEDIUM	—
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button.
CVE-2025-63638 ↗	Nov 7, 2025Friday, 7 November 2025, 20:15	6.1 MEDIUM	—
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.
CVE-2025-60316 ↗	Oct 9, 2025Thursday, 9 October 2025, 20:15	9.4 CRITICAL	—
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.
CVE-2025-60311 ↗	Oct 8, 2025Wednesday, 8 October 2025, 20:15	8.8 HIGH	—
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page
CVE-2025-60318 ↗	Oct 8, 2025Wednesday, 8 October 2025, 16:15	6.1 MEDIUM	—
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields.
CVE-2025-60313 ↗	Oct 8, 2025Wednesday, 8 October 2025, 15:16	6.1 MEDIUM	—
Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code.
CVE-2025-60314 ↗	Oct 8, 2025Wednesday, 8 October 2025, 14:15	5.4 MEDIUM	—
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript.
CVE-2025-60312 ↗	Oct 7, 2025Tuesday, 7 October 2025, 16:15	6.1 MEDIUM	—
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button.