Filtered by vendor Remyandrade
Total: 76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3302 | 1 Remyandrade | 1 Doctor Appointment System | 2026-02-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-3163 | 1 Remyandrade | 1 Website Link Extractor | 2026-02-25 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-3070 | 1 Remyandrade | 1 Modern Image Gallery App | 2026-02-24 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-70457 | 1 Remyandrade | 1 Modern Image Gallery App | 2026-01-30 | N/A | 9.8 CRITICAL |
|
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
|
|||||
| CVE-2025-70458 | 1 Remyandrade | 1 Domain Availability Checker | 2026-01-30 | N/A | 5.4 MEDIUM |
|
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
|
|||||
| CVE-2026-0580 | 1 Remyandrade | 1 Api Key Manager App | 2026-01-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.
|
|||||
| CVE-2024-1215 | 1 Remyandrade | 1 Crud Without Page Reload/refresh | 2025-12-30 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2025-14530 | 1 Remyandrade | 1 Real Estate Property Listing App | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-64070 | 1 Remyandrade | 1 Student Grades Management System | 2025-12-03 | N/A | 5.4 MEDIUM |
|
Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.
|
|||||
| CVE-2025-63892 | 1 Remyandrade | 1 Student Grades Management System | 2025-11-20 | N/A | 6.8 MEDIUM |
|
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site scripting.
|
|||||
| CVE-2025-63708 | 1 Remyandrade | 1 Ai Font Matcher | 2025-11-20 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly sanitized. An attacker can intercept fetch requests to the webfonts endpoint and inject malicious JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and una ...
|
|||||
| CVE-2025-13349 | 1 Remyandrade | 1 Student Grades Management System | 2025-11-20 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-63713 | 1 Remyandrade | 1 Matching Type Test | 2025-11-18 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
|
|||||
| CVE-2025-63714 | 1 Remyandrade | 1 Modern User Account Generator | 2025-11-17 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users.
|
|||||
| CVE-2025-63639 | 1 Remyandrade | 1 Faq Bot With Ai Assistant | 2025-11-17 | N/A | 6.1 MEDIUM |
|
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation.
|
|||||
| CVE-2025-63638 | 1 Remyandrade | 1 Ai-powered To-do List App | 2025-11-17 | N/A | 6.1 MEDIUM |
|
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.
|
|||||
| CVE-2025-26258 | 1 Remyandrade | 1 Employee Management System | 2025-11-06 | N/A | 6.1 MEDIUM |
|
Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.'
|
|||||
| CVE-2025-12332 | 1 Remyandrade | 1 Student Grades Management System | 2025-10-31 | 3.3 LOW | 2.4 LOW |
|
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
|
|||||
| CVE-2025-11485 | 1 Remyandrade | 1 Student Grades Management System | 2025-10-09 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2024-8380 | 1 Remyandrade | 1 Contact Manager With Export To Vcf | 2025-09-25 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-57117 | 1 Remyandrade | 1 Employee Management System | 2025-09-18 | N/A | 5.4 MEDIUM |
|
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.
|
|||||
| CVE-2025-57425 | 1 Remyandrade | 1 Faq Management System | 2025-09-04 | N/A | 6.1 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint.
|
|||||
| CVE-2025-1166 | 1 Remyandrade | 1 Food Menu Manager | 2025-08-01 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2025-06-20 | N/A | 6.1 MEDIUM |
|
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
|
|||||
| CVE-2025-5628 | 1 Remyandrade | 1 Food Menu Manager | 2025-06-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2025-06-05 | N/A | 6.1 MEDIUM |
|
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.
|
|||||
| CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | N/A | 7.2 HIGH |
|
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
|
|||||
| CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2025-05-29 | N/A | 4.8 MEDIUM |
|
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
|
|||||
| CVE-2024-24945 | 1 Remyandrade | 1 Travel Journal Using Php And Mysql With Source Code | 2025-05-29 | N/A | 6.1 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.
|
|||||
| CVE-2024-24041 | 1 Remyandrade | 1 Travel Journal Using Php And Mysql With Source Code | 2025-05-29 | N/A | 6.1 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.
|
|||||
| CVE-2024-24495 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-15 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
|
|||||
| CVE-2024-24494 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-15 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
|
|||||
| CVE-2024-25302 | 1 Remyandrade | 1 Event Student Attendance System | 2025-05-08 | N/A | 9.8 CRITICAL |
|
Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.
|
|||||
| CVE-2024-24050 | 1 Remyandrade | 1 Workout Journal App | 2025-04-23 | N/A | 4.7 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.
|
|||||
| CVE-2025-29719 | 1 Remyandrade | 1 Employee Management System | 2025-04-10 | N/A | 6.1 MEDIUM |
|
SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields.
|
|||||
| CVE-2024-28277 | 1 Remyandrade | 1 School Task Manager | 2025-03-27 | N/A | 6.1 MEDIUM |
|
In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.
|
|||||
| CVE-2024-2604 | 1 Remyandrade | 1 File Manager App | 2025-03-06 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2025-1905 | 1 Remyandrade | 1 Employee Management System | 2025-03-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2024-2075 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-03-05 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.
|
|||||
| CVE-2025-1160 | 1 Remyandrade | 1 Employee Management System | 2025-03-03 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||