Aggregates CVE and security vulnerability intelligence across all train_scheduler_app_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting; exposure may include vendor impact session compromise in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-43079 | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | [email protected] | 6.1 | 0.36% | 2022-11-01 | 2025-05-05 |
| CVE-2022-3774 | A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. | [email protected] | 5.4 | 0.50% | 2022-10-31 | 2024-11-21 |
| CVE-2022-42992 | Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. | [email protected] | 5.4 | 0.39% | 2022-10-27 | 2025-05-07 |