Filtered by vendor Remyandrade
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63892 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-11-20 | 6.8 Medium |
| A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site scripting. | ||||
| CVE-2025-63708 | 2 Remyandrade, Sourcecodester | 2 Ai Font Matcher, Ai Font Matcher | 2025-11-20 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly sanitized. An attacker can intercept fetch requests to the webfonts endpoint and inject malicious JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and unauthorized actions performed on behalf of authenticated users. The vulnerability can be exploited by injecting a fetch hook that returns controlled font data containing malicious scripts. | ||||
| CVE-2025-13349 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-11-20 | 3.5 Low |
| A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-63713 | 2 Remyandrade, Sourcecodester | 2 Matching Type Test, Matchmaster | 2025-11-18 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution. | ||||
| CVE-2025-63714 | 2 Remyandrade, Sourcecodester | 2 Modern User Account Generator, User Account Generator | 2025-11-17 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users. | ||||
| CVE-2025-63639 | 2 Remyandrade, Sourcecodester | 2 Faq Bot With Ai Assistant, Faq Bot With Ai Assistant | 2025-11-17 | 6.1 Medium |
| The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation. | ||||
| CVE-2025-63638 | 2 Remyandrade, Sourcecodester | 2 Ai-powered To-do List App, Ai Powered To Do List App | 2025-11-17 | 6.1 Medium |
| Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button. | ||||
| CVE-2025-26258 | 2 Remyandrade, Sourcecodester | 2 Employee Management System, Employee Management System | 2025-11-06 | 6.1 Medium |
| Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.' | ||||
| CVE-2025-12332 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-10-31 | 2.4 Low |
| A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2025-11485 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-10-09 | 2.4 Low |
| A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-8380 | 2 Remyandrade, Sourcecodester | 2 Contact Manager With Export To Vcf, Contact Manager | 2025-09-25 | 6.3 Medium |
| A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-57117 | 1 Remyandrade | 1 Employee Management System | 2025-09-18 | 5.4 Medium |
| A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department. | ||||
| CVE-2025-57425 | 2 Remyandrade, Sourcecodester | 2 Faq Management System, Faq Management System | 2025-09-04 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. | ||||
| CVE-2025-1166 | 1 Remyandrade | 1 Food Menu Manager | 2025-08-01 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2025-06-20 | 6.1 Medium |
| The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2024-1269 | 1 Remyandrade | 1 Product Management System | 2025-06-10 | 2.4 Low |
| A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012. | ||||
| CVE-2025-5628 | 1 Remyandrade | 1 Food Menu Manager | 2025-06-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2025-06-05 | 6.1 Medium |
| Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | ||||
| CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | 7.2 High |
| Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' | ||||
| CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2025-05-29 | 4.8 Medium |
| Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | ||||