CVE-2023-0571

A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:canteen_management_system_project:canteen_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:37

Type Values Removed Values Added
References () https://github.com/ctflearner/Vulnerability/blob/main/Canteen%20Management%20System/Canteen_Management_System_XSS_IN_Add_Customer.md - Exploit, Third Party Advisory () https://github.com/ctflearner/Vulnerability/blob/main/Canteen%20Management%20System/Canteen_Management_System_XSS_IN_Add_Customer.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.219730 - Third Party Advisory () https://vuldb.com/?ctiid.219730 - Third Party Advisory
References () https://vuldb.com/?id.219730 - Permissions Required () https://vuldb.com/?id.219730 - Permissions Required
CVSS v2 : 4.0
v3 : 5.4
v2 : 4.0
v3 : 3.5

11 Apr 2024, 01:17

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en SourceCodester Canteen Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo createcustomer.php del componente Add Customer. La manipulación del nombre del argumento conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-219730 es el identificador asignado a esta vulnerabilidad.

Information

Published : 2023-01-29 18:15

Updated : 2024-11-21 07:37


NVD link : CVE-2023-0571

Mitre link : CVE-2023-0571

CVE.ORG link : CVE-2023-0571


JSON object : View

Products Affected

canteen_management_system_project

  • canteen_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')