CVE-2024-3377
SourceCodester Computer Laboratory Management System cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.
Una vulnerabilidad fue encontrada en SourceCodester Computer Laboratory Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a código desconocido del archivo /classes/SystemSettings.php?f=update_settings. La manipulación del nombre del argumento conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-259498 es el identificador asignado a esta vulnerabilidad.
In SourceCodester Computer Laboratory Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /classes/SystemSettings.php?f=update_settings. Durch Manipulieren des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-05 CVE Reserved
- 2024-04-06 CVE Published
- 2024-04-07 EPSS Updated
- 2024-05-01 First Exploit
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.259498 | Technical Description | |
https://vuldb.com/?submit.311155 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/Neo-XeD/CVE-2024-33775 | 2024-05-01 | |
https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md | 2024-08-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
SourceCodester Search vendor "SourceCodester" | Computer Laboratory Management System Search vendor "SourceCodester" for product "Computer Laboratory Management System" | 1.0 Search vendor "SourceCodester" for product "Computer Laboratory Management System" and version "1.0" | en |
Affected
|