CVE-2023-1006

Опубликовано: 24 фев. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input "> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.

Ссылки

https://vuldb.com/?ctiid.221739
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.221739
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.221739
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.221739
Permissions Required
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:medical_certificate_generator_app_project:medical_certificate_generator_app:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00064

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j6m9-rjm3-mq89

CVSS3: 5.4

github

почти 3 года назад

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.

EPSS

Процентиль: 20%

0.00064

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79