sanin-s1r3n/CVE-Research

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63449 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	5.4 MEDIUM	—
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
CVE-2025-63453 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	9.8 CRITICAL	—
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
CVE-2025-63452 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	9.4 CRITICAL	—
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
CVE-2025-63451 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	9.8 CRITICAL	—
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
CVE-2025-63450 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	5.4 MEDIUM	—
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
CVE-2025-63446 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	6.1 MEDIUM	—
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
CVE-2025-63447 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	6.1 MEDIUM	—
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
CVE-2025-63448 ↗	Nov 3, 2025Monday, 3 November 2025, 16:15	6.1 MEDIUM	—
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
CVE-2025-63443 ↗	Nov 3, 2025Monday, 3 November 2025, 15:15	5.4 MEDIUM	—
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
CVE-2025-63442 ↗	Nov 3, 2025Monday, 3 November 2025, 15:15	4.6 MEDIUM	—
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser
CVE-2025-12332 ↗	Oct 28, 2025Tuesday, 28 October 2025, 00:15	2.4 LOW	3.3 LOW
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2025-11481 ↗	Oct 8, 2025Wednesday, 8 October 2025, 17:15	6.3 MEDIUM	6.5 MEDIUM
A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVE-2025-61096 ↗	Oct 2, 2025Thursday, 2 October 2025, 15:15	6.5 MEDIUM	—
PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.
CVE-2025-61087 ↗	Oct 2, 2025Thursday, 2 October 2025, 15:15	6.1 MEDIUM	—
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.