CVE-2024-4645
SourceCodester Prison Management System changepassword.php cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.
Una vulnerabilidad fue encontrada en SourceCodester Prison Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /Admin/changepassword.php. La manipulación del argumento txtold_password/txtnew_password/txtconfirm_password conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263489.
Eine problematische Schwachstelle wurde in SourceCodester Prison Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /Admin/changepassword.php. Mittels Manipulieren des Arguments txtold_password/txtnew_password/txtconfirm_password mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-05-08 CVE Reserved
- 2024-05-08 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-21 CVE Updated
- 2024-08-21 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.263489 | Technical Description | |
https://vuldb.com/?submit.330022 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss4.md | 2024-08-21 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
SourceCodester Search vendor "SourceCodester" | Prison Management System Search vendor "SourceCodester" for product "Prison Management System" | 1.0 Search vendor "SourceCodester" for product "Prison Management System" and version "1.0" | en |
Affected
|