Filtered by vendor Simple Online Public Access Catalog Project Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-42991 1 Simple Online Public Access Catalog Project 1 Simple Online Public Access Catalog 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.
CVE-2022-3495 1 Simple Online Public Access Catalog Project 1 Simple Online Public Access Catalog 2024-11-21 7.3 High
A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.