An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know...

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/room-rent-portal-site/sql.md

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/xss.md

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/room-rent-portal-site/xss.md

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/Covid-19-Travel-Pass-Management-System/sql.md

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. Date published : 2022-05-24 https://github.com/mikeccltt/bug_report_CVE/blob/main/toll-tax-management-system/xss.md

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. Date published : 2022-05-24 https://github.com/mikeccltt/chatbot/blob/main/chatbot-app-suggestion-phpoop/xss.md

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. Date published : 2022-05-24 https://github.com/mikeccltt/automotive/blob/main/automotive-shop-management-system/sql.md

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/wbms_bug_report/blob/main/water-billing-management-system/xss.md

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id Date published : 2022-05-24 https://github.com/mikeccltt/wbms_bug_report/blob/main/water-billing-management-system/sql.md

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. Date published : 2022-05-24 https://github.com/mikeccltt/sns_bug_report/blob/main/simple-social-networking-site-instagram/xss.md

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. Date published : 2022-05-24 https://github.com/mikeccltt/chatbot/blob/main/chatbot-app-suggestion-phpoop/sql.md

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. Date published : 2022-05-24 https://github.com/mikeccltt/automotive/blob/main/automotive-shop-management-system/xss.md

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. Date published : 2022-05-24 https://github.com/mikeccltt/badminton-center-management-system/blob/main/badminton-center-management-system-xss.md