CVE-2024-3433
PuneethReddyHC Event Management register.php cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se ha encontrado una vulnerabilidad en PuneethReddyHC Event Management 1.0 y se ha clasificado como problemática. Una función desconocida del archivo /backend/register.php es afectada por esta vulnerabilidad. La manipulación del argumento event_id/full_name/email/mobile/college/branch conduce a cross-site scripting. Es posible lanzar el ataque de forma remota. VDB-259614 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
Es wurde eine problematische Schwachstelle in PuneethReddyHC Event Management 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /backend/register.php. Durch die Manipulation des Arguments event_id/full_name/email/mobile/college/branch mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-04-07 CVE Reserved
- 2024-04-07 CVE Published
- 2024-04-08 EPSS Updated
- 2024-08-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://packetstormsecurity.com/files/177841/Event-Management-1.0-SQL-Injection.html | Related | |
https://vuldb.com/?id.259614 | Technical Description | |
https://vuldb.com/?submit.307744 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
PuneethReddyHC Search vendor "PuneethReddyHC" | Event Management Search vendor "PuneethReddyHC" for product "Event Management" | 1.0 Search vendor "PuneethReddyHC" for product "Event Management" and version "1.0" | en |
Affected
|