CVE-2021-46075 Exploit Title: Vehicle Service Management System – ‘Multiple’ Privilege Escalation Leads to CRUD OperationsExploit Author: P.L.SanuCVE: CVE-2021-46075CVSS: 7.2 HIGHReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-privilege-escalation-leads-to-crud-operationshttps://nvd.nist.gov/vuln/detail/CVE-2021-46075https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46075 Description:A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources...

CVE-2021-46074 Exploit Title: Vehicle Service Management System – ‘Settings’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46074CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46074https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46074 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login...

CVE-2021-46073 Exploit Title: Vehicle Service Management System – ‘User List’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46073CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46073https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46073 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section...

CVE-2021-46072 Exploit Title: Vehicle Service Management System – ‘Service List’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46072CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-service-list-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46072https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46072 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in...