A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab | Exploit |
https://vuldb.com/?ctiid.281022 | Permissions Required VDB Entry |
https://vuldb.com/?id.281022 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.426884 | Third Party Advisory VDB Entry |
Configurations
History
23 Oct 2024, 14:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Code-projects
Code-projects pharmacy Management System |
|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 4.8 |
References | () https://code-projects.org/ - Product | |
References | () https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab - Exploit | |
References | () https://vuldb.com/?ctiid.281022 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.281022 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.426884 - Third Party Advisory, VDB Entry |
21 Oct 2024, 17:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Oct 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-21 01:15
Updated : 2024-10-23 14:14
NVD link : CVE-2024-10197
Mitre link : CVE-2024-10197
CVE.ORG link : CVE-2024-10197
JSON object : View
Products Affected
code-projects
- pharmacy_management_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')