Trinity-SYT-SECURITY/vuln_issue_injc

Releases: 0
Stars: 1

CVE History

CVE | Published | CVSS v3 | CVSS v2
7.8 HIGH

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

9.8 CRITICAL

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-0527. Reason: This candidate is a reservation duplicate of CVE-2023-0527. Notes: All CVE users should reference CVE-2023-0527 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

5.4 MEDIUM

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

5.4 MEDIUM

Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.

6.1 MEDIUM

Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item.

6.1 MEDIUM

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.