CVE-2024-5437

Опубликовано: 29 мая 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266442 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md
Exploit
https://vuldb.com/?ctiid.266442
Permissions Required
VDB Entry
https://vuldb.com/?id.266442
Permissions Required
VDB Entry
https://vuldb.com/?submit.345066
Third Party Advisory
VDB Entry
https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md
Exploit
https://vuldb.com/?ctiid.266442
Permissions Required
VDB Entry
https://vuldb.com/?id.266442
Permissions Required
VDB Entry
https://vuldb.com/?submit.345066
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:simple_online_bidding_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.001

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 28%

0.001

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79