CVE-2024-0467 – code-projects Employee Profile Management System edit_position_query.php cross site scripting

https://notcve.org/view.php?id=CVE-2024-0467

A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf https://vuldb.com/?ctiid.250572 https://vuldb.com/?id.250572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •