offsecin/bugsdisclose

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-30015 ↗	May 23, 2022Monday, 23 May 2022, 21:16	5.4 MEDIUM	3.5 LOW
In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.
CVE-2022-30016 ↗	May 23, 2022Monday, 23 May 2022, 17:16	8.8 HIGH	6.5 MEDIUM
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.
CVE-2022-30017 ↗	May 23, 2022Monday, 23 May 2022, 17:16	5.4 MEDIUM	3.5 LOW
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.
CVE-2022-30014 ↗	May 23, 2022Monday, 23 May 2022, 16:16	8.8 HIGH	6.8 MEDIUM
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.