Invoice System In Laravel
Monthly
Cross-site scripting (XSS) in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to inject malicious scripts via the item name/description parameter in the /item endpoint. The vulnerability requires user interaction (UI:P) and affects only the integrity of victim data (VI:L), but publicly available exploit code exists and the attack vector is network-accessible.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows remote unauthenticated attackers to bypass authentication and access the /item API endpoint, resulting in limited confidentiality impact. The vulnerability has a CVSS score of 5.5 (network-accessible, low attack complexity, no privileges required), and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
Code-Projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the ID parameter in the /invoice/ endpoint, enabling unauthorized access to invoice data with potential for modification and denial of service. The vulnerability has publicly available exploit code and is actively exploitable against default configurations.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls via manipulation of the ID parameter in the Profile Handler (/profile/ endpoint), leading to unauthorized read, modification, and denial of service impacts. Public exploit code is available, elevating real-world exploitation risk despite the moderate CVSS score of 6.3.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls on the User Management Handler (/user endpoint), gaining unauthorized read, write, and availability impact. The vulnerability has a published exploit available and affects all versions of the affected product line.
Cross-site scripting (XSS) in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to inject malicious scripts via the item name/description parameter in the /item endpoint. The vulnerability requires user interaction (UI:P) and affects only the integrity of victim data (VI:L), but publicly available exploit code exists and the attack vector is network-accessible.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows remote unauthenticated attackers to bypass authentication and access the /item API endpoint, resulting in limited confidentiality impact. The vulnerability has a CVSS score of 5.5 (network-accessible, low attack complexity, no privileges required), and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
Code-Projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the ID parameter in the /invoice/ endpoint, enabling unauthorized access to invoice data with potential for modification and denial of service. The vulnerability has publicly available exploit code and is actively exploitable against default configurations.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls via manipulation of the ID parameter in the Profile Handler (/profile/ endpoint), leading to unauthorized read, modification, and denial of service impacts. Public exploit code is available, elevating real-world exploitation risk despite the moderate CVSS score of 6.3.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls on the User Management Handler (/user endpoint), gaining unauthorized read, write, and availability impact. The vulnerability has a published exploit available and affects all versions of the affected product line.