cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-2293,https://securityvulnerability.io/vulnerability/CVE-2023-2293,SourceCodester Purchase Order Management System cross site scripting,A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463.,SourceCodester,Purchase Order Management System,4.8,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-04-25T21:15:00.000Z,0
CVE-2023-2130,https://securityvulnerability.io/vulnerability/CVE-2023-2130,SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Purchase Order Management System version 1.0. This vulnerability resides in the GET parameter handler of the /admin/suppliers/view_details.php file, where improper validation of input allows attackers to manipulate the 'id' parameter. This exploitation can lead to unauthorized access to the database, enabling attackers to execute arbitrary SQL commands, retrieve sensitive data, or even modify the database's content. Due to the nature of this vulnerability, it can be exploited remotely, making it imperative for users to take immediate precautions.",SourceCodester,Purchase Order Management System,9.8,CRITICAL,0.27215999364852905,false,,false,false,false,,,false,false,,2023-04-17T20:15:00.000Z,0
CVE-2022-3503,https://securityvulnerability.io/vulnerability/CVE-2022-3503,SourceCodester Purchase Order Management System Supplier cross site scripting,A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.,Sourcecodester,Purchase Order Management System,3.5,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-14T00:00:00.000Z,0