CVE-2024-3414

Опубликовано: 06 апр. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 4.8

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583.

Ссылки

https://github.com/thisissuperann/Vul/blob/Human-Resource-Information-System/Human-Resource-Information-System-02.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.259583
Permissions Required
VDB Entry
https://vuldb.com/?id.259583
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.311436
Third Party Advisory
VDB Entry
https://github.com/thisissuperann/Vul/blob/Human-Resource-Information-System/Human-Resource-Information-System-02.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.259583
Permissions Required
VDB Entry
https://vuldb.com/?id.259583
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.311436
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nelzkie15:human_resource_information_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ccq8-85cf-r5qh

CVSS3: 3.5

github

почти 2 года назад

EPSS

Процентиль: 19%

0.00061

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79