CVE-2023-36158

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.

Ссылки

http://toll.com
Not Applicable
https://cyberredteam.tech/posts/cve-2023-36158/
Exploit
Third Party Advisory
https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html
Product
http://toll.com
Not Applicable
https://cyberredteam.tech/posts/cve-2023-36158/
Exploit
Third Party Advisory
https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:toll_tax_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-63m7-fp94-2qv7