Search Results | AttackerKB

Show filters

Topics 3 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2024-28277

Disclosure Date: May 14, 2024 (last updated February 12, 2025)

In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-24142

Disclosure Date: February 13, 2024 (last updated October 05, 2024)

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-24141

Disclosure Date: January 29, 2024 (last updated February 03, 2024)

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.

Attack Vector: Network Privileges: None User Interaction: None

0