cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3415,https://securityvulnerability.io/vulnerability/CVE-2024-3415,Cross Site Scripting Vulnerability in Superadmin_Dashboard/process/addbranches_process.php Could Lead to Remote Exploitation,"A security flaw exists in the SourceCodester Human Resource Information System 1.0, specifically within the Superadmin_Dashboard/process/addbranches_process.php file. This vulnerability results from improper handling of the branches_name argument, which can be exploited to execute cross-site scripting (XSS) attacks. Malicious actors are capable of launching these attacks remotely, posing significant risks to users and the integrity of the application. The potential repercussions of this vulnerability have been publicly disclosed, making it imperative for users and administrators to take proactive measures to mitigate risks.",Sourcecodester,Human Resource Information System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-04-06T22:00:05.000Z,true,false,false,,2024-04-06T23:00:05.461Z,0
CVE-2024-3414,https://securityvulnerability.io/vulnerability/CVE-2024-3414,Cross Site Scripting Vulnerability in Superadmin_Dashboard/process/addcorporate_process.php Could Lead to Remote Exploitation,"The SourceCodester Human Resource Information System version 1.0 contains a cross site scripting vulnerability due to improper handling of user input within the Superadmin_Dashboard process file, specifically in the addcorporate_process.php function. By manipulating the corporate_name parameter, attackers can execute arbitrary scripts on the client side, potentially leading to session hijacking, data theft, and unauthorized actions. The nature of this vulnerability allows for remote exploitation, raising concerns for web application security. Publicly disclosed details suggest that this flaw may currently be active, necessitating prompt remediation.",Sourcecodester,Human Resource Information System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-04-06T19:31:04.000Z,true,false,false,,2024-04-06T20:31:04.795Z,0
CVE-2024-3413,https://securityvulnerability.io/vulnerability/CVE-2024-3413,SQL Injection Vulnerability in SourceCodester Human Resource Information System,"A critical SQL injection vulnerability has been identified in version 1.0 of the Human Resource Information System developed by SourceCodester. The flaw exists in the 'initialize/login_process.php' file, where the manipulation of the 'hr_email' and 'hr_password' parameters enables an attacker to execute unauthorized SQL commands. This vulnerability can be exploited remotely, allowing perpetrators to access and manipulate sensitive data, which poses a significant risk to organizations relying on this system for managing human resources. As the vulnerability has been publicly disclosed, it is crucial for users to apply appropriate security measures to safeguard their systems.",Sourcecodester,Human Resource Information System,9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,2024-04-06T17:31:04.000Z,true,false,false,,2024-04-06T18:31:04.592Z,0