Aggregator

Submit #811567 / VDB-365342

Submit #813736 / VDB-365403

Submit #813734 / VDB-365403

Submit #813725 / VDB-365402

Submit #813732 / VDB-365401

Submit #813731 / VDB-365401

Submit #813730 / VDB-365401

Submit #813723 / VDB-365401

A vulnerability classified as problematic has been found in code-projects Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2026-9419. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /changepassemp.php. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability appears as CVE-2026-9418. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as problematic has been reported in code-projects Employee Management System 1.0. Affected is an unknown function of the file /myprofileup.php. Performing a manipulation of the argument ID results in cross site scripting. This vulnerability is reported as CVE-2026-9417. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as problematic has been found in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. This vulnerability is documented as CVE-2026-9416. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in code-projects Employee Management System 1.0. This affects an unknown function of the file /eloginwel.php. This manipulation of the argument ID causes cross site scripting. This vulnerability is registered as CVE-2026-9415. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer_name results in cross site scripting. This vulnerability is cataloged as CVE-2026-9414. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been rated as problematic. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. This vulnerability is listed as CVE-2026-9413. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been declared as critical. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-9412. The attack can be launched remotely. Moreover, an exploit is present. Multiple endpoints are affected.

Submit #813703 / VDB-365400

Submit #813702 / VDB-365399

Submit #813699 / VDB-365398

Submit #813698 / VDB-365397