CVE-2024-13021

Опубликовано: 29 дек. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name/details leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Ссылки

https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.289712
Permissions Required
VDB Entry
https://vuldb.com/?id.289712
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.469267
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/
Product
https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rems:road_accident_map_marker:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pfp6-3p25-49rj

CVSS3: 3.5

github

около 1 года назад

A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

EPSS

Процентиль: 27%

0.00094

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79