A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/samwbs/kortexcve/blob/main/xss_adds/XSS_adds.md | Exploit |
https://vuldb.com/?ctiid.274142 | Permissions Required |
https://vuldb.com/?id.274142 | Third Party Advisory |
https://vuldb.com/?submit.389164 | Third Party Advisory |
Configurations
History
20 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mayurik:advocate_office_management_system:1.0:*:*:*:*:*:*:* | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
First Time |
Mayurik advocate Office Management System
Mayurik |
|
References | () https://github.com/samwbs/kortexcve/blob/main/xss_adds/XSS_adds.md - Exploit | |
References | () https://vuldb.com/?ctiid.274142 - Permissions Required | |
References | () https://vuldb.com/?id.274142 - Third Party Advisory | |
References | () https://vuldb.com/?submit.389164 - Third Party Advisory |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-20 13:53
NVD link : CVE-2024-7685
Mitre link : CVE-2024-7685
CVE.ORG link : CVE-2024-7685
JSON object : View
Products Affected
mayurik
- advocate_office_management_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')