CVE-2024-6267

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
CVSS v2 : 3.3
v3 : 4.8
v2 : 3.3
v3 : 2.4
References () https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing - Exploit () https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing - Exploit
References () https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md - Exploit, Third Party Advisory () https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.269479 - Permissions Required () https://vuldb.com/?ctiid.269479 - Permissions Required
References () https://vuldb.com/?id.269479 - Third Party Advisory, VDB Entry () https://vuldb.com/?id.269479 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.362661 - Third Party Advisory, VDB Entry () https://vuldb.com/?submit.362661 - Third Party Advisory, VDB Entry

06 Sep 2024, 16:56

Type Values Removed Values Added
CPE cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*
References () https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing - () https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing - Exploit
References () https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md - () https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.269479 - () https://vuldb.com/?ctiid.269479 - Permissions Required
References () https://vuldb.com/?id.269479 - () https://vuldb.com/?id.269479 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.362661 - () https://vuldb.com/?submit.362661 - Third Party Advisory, VDB Entry
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
First Time Oretnom23 service Provider Management System
Oretnom23

24 Jun 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en SourceCodester Service Provider Management System 1.0 y clasificada como problemática. Una función desconocida del archivo system_info/index.php del componente System Info Page es afectada por esta vulnerabilidad. La manipulación del argumento Nombre del sistema/Nombre corto del sistema conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-269479.

23 Jun 2024, 09:15

Type Values Removed Values Added
References
  • () https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md -

23 Jun 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-23 06:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6267

Mitre link : CVE-2024-6267

CVE.ORG link : CVE-2024-6267


JSON object : View

Products Affected

oretnom23

  • service_provider_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')