CVE-2024-10197

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
References
Link Resource
https://code-projects.org/ Product
https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab Exploit
https://vuldb.com/?ctiid.281022 Permissions Required VDB Entry
https://vuldb.com/?id.281022 Third Party Advisory VDB Entry
https://vuldb.com/?submit.426884 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*

History

23 Oct 2024, 14:14

Type Values Removed Values Added
CPE cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*
First Time Code-projects
Code-projects pharmacy Management System
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab - () https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab - Exploit
References () https://vuldb.com/?ctiid.281022 - () https://vuldb.com/?ctiid.281022 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.281022 - () https://vuldb.com/?id.281022 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.426884 - () https://vuldb.com/?submit.426884 - Third Party Advisory, VDB Entry

21 Oct 2024, 17:09

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha clasificado como problemática. Se ve afectada una función desconocida del archivo /manage_supplier.php del componente Manage Supplier Page. La manipulación del argumento address provoca Cross-Site Scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. También pueden verse afectados otros parámetros.

21 Oct 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 01:15

Updated : 2024-10-23 14:14


NVD link : CVE-2024-10197

Mitre link : CVE-2024-10197

CVE.ORG link : CVE-2024-10197


JSON object : View

Products Affected

code-projects

  • pharmacy_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')