CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24945
https://notcve.org/view.php?id=CVE-2024-24945
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php. Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con código fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro Share Your Moments en /travel-journal/write -journal.php. • https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md https://portswigger.net/web-security/cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24041
https://notcve.org/view.php?id=CVE-2024-24041
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php. Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con código fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro de ubicación en /travel-journal/write-journal .php. • https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md https://portswigger.net/web-security/cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •