CVE-2023-1485

Опубликовано: 18 мар. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371.

Ссылки

https://github.com/2714925725/bug_report/blob/main/XSS-1.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.223371
Third Party Advisory
https://vuldb.com/?id.223371
Third Party Advisory
https://github.com/2714925725/bug_report/blob/main/XSS-1.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.223371
Third Party Advisory
https://vuldb.com/?id.223371
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:young_entrepreneur_e-negosyo_system_project:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4qjv-73x8-gxq9

CVSS3: 6.1

github

почти 3 года назад

A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input <script>alert(222)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371.

EPSS

Процентиль: 25%

0.00088

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79