School Task Manager
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24142 | 0.01 | — | 0.01 | Feb 13, 2024 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | |||
| CVE-2024-24141 | 0.01 | — | 0.01 | Jan 29, 2024 | Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter. | |||
| CVE-2024-28276 | 0.00 | — | 0.00 | May 13, 2024 | Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. | |||
| CVE-2024-28277 | 0.00 | — | 0.00 | May 13, 2024 | In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of… | |||
| CVE-2024-26517 | 0.00 | — | 0.01 | May 8, 2024 | SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. |
- CVE-2024-24142Feb 13, 2024risk 0.01cvss —epss 0.01
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
- CVE-2024-24141Jan 29, 2024risk 0.01cvss —epss 0.01
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
- CVE-2024-28276May 13, 2024risk 0.00cvss —epss 0.00
Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.
- CVE-2024-28277May 13, 2024risk 0.00cvss —epss 0.00
In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of…
- CVE-2024-26517May 8, 2024risk 0.00cvss —epss 0.01
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.