CVE-2024-10198

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:pharmacy_management:1.0:*:*:*:*:*:*:*

History

22 Oct 2024, 15:39

Type Values Removed Values Added
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
First Time Code-projects
Code-projects pharmacy Management
CPE cpe:2.3:a:code-projects:pharmacy_management:1.0:*:*:*:*:*:*:*
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec - () https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.281023 - () https://vuldb.com/?ctiid.281023 - Permissions Required
References () https://vuldb.com/?id.281023 - () https://vuldb.com/?id.281023 - Third Party Advisory
References () https://vuldb.com/?submit.426885 - () https://vuldb.com/?submit.426885 - Third Party Advisory

21 Oct 2024, 17:09

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha declarado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /manage_customer.php del componente Manage Customer Page. La manipulación del argumento providers_name/address conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores menciona archivos contradictorios que se verán afectados. También podrían verse afectados otros parámetros.

21 Oct 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 02:15

Updated : 2024-10-22 15:39


NVD link : CVE-2024-10198

Mitre link : CVE-2024-10198

CVE.ORG link : CVE-2024-10198


JSON object : View

Products Affected

code-projects

  • pharmacy_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')