CVE-2024-10842

A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Configurations

Configuration 1

cpe:2.3:a:romadebrian:web-sekolah:1.0:*:*:*:*:*:*:*

History

06 Nov 2024, 22:43

Type | Values Removed | Values Added
--- | --- | ---
References | https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md | https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md - Exploit, Third Party Advisory
References | https://vuldb.com/?ctiid.283088 | https://vuldb.com/?ctiid.283088 - Permissions Required
References | https://vuldb.com/?id.283088 | https://vuldb.com/?id.283088 - Third Party Advisory
References | https://vuldb.com/?submit.429558 | https://vuldb.com/?submit.429558 - Third Party Advisory
CPE | | cpe:2.3:a:romadebrian:web-sekolah:1.0:*:*:*:*:*:*:*
Summary | | (es) A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. This issue affects an unknown functionality of the file /Admin/Proses_Edit_Akun.php of the Backend component. Manipulation of the argument Username_Baru/Password leads to cross-site scripting. The attack can be carried out remotely. The exploit has been made public and may be used.
First Time | | Romadebrian; Romadebrian web-sekolah
CVSS | v2 : 3.3, v3 : 2.4 | v2 : 3.3, v3 : 4.8

05 Nov 2024, 14:15

Type | Values Removed | Values Added
--- | --- | ---
New CVE | |

Information

Published : 2024-11-05 14:15

Updated : 2024-11-06 22:43


NVD link : CVE-2024-10842

Mitre link : CVE-2024-10842

CVE.ORG link : CVE-2024-10842


Products Affected

romadebrian

  • web-sekolah

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-707

Improper Neutralization

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')