CVE-2024-13021 – SourceCodester Road Accident Map Marker add-mark.php cross site scripting

https://notcve.org/view.php?id=CVE-2024-13021

29 Dec 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •