CVE-2024-10348

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*

History

30 Oct 2024, 13:03

Type Values Removed Values Added
First Time Mayurik best House Rental Management System
Mayurik
CPE cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 5.4
References () https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md - () https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.281697 - () https://vuldb.com/?ctiid.281697 - Permissions Required
References () https://vuldb.com/?id.281697 - () https://vuldb.com/?id.281697 - Third Party Advisory
References () https://vuldb.com/?submit.427471 - () https://vuldb.com/?submit.427471 - Third Party Advisory
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

25 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en SourceCodester Best House Rental Management System 1.0. Se ha clasificado como problemática. Afecta a una parte desconocida del archivo /index.php?page=tenants del componente Manage Tenant Details. La manipulación del argumento Last Name/First Name/Middle Name provoca cross-site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores solo muestra que el campo "Last Name" se verá afectado. También podrían verse afectados otros campos.

24 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-24 22:15

Updated : 2024-10-30 13:03


NVD link : CVE-2024-10348

Mitre link : CVE-2024-10348

CVE.ORG link : CVE-2024-10348


JSON object : View

Products Affected

mayurik

  • best_house_rental_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')