exploitDog

CVE-2024-57428

Опубликовано: 06 фев. 2025

Источник: nvd

CVSS3: 9.3

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.

Ссылки

https://github.com/ahrixia/CVE-2024-57428
Exploit
Third Party Advisory
https://www.phpjabbers.com/cinema-booking-system/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpjabbers:cinema_booking_system:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01031

Низкий

9.3 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9p8p-c44x-848h

CVSS3: 9.3

github

около 1 года назад

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.

EPSS

Процентиль: 77%

0.01031

Низкий

9.3 Critical

CVSS3

Дефекты

CWE-79