A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackerxss.md | Exploit |
https://vuldb.com/?ctiid.274561 | Permissions Required VDB Entry |
https://vuldb.com/?id.274561 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.389362 | Third Party Advisory VDB Entry |
Configurations
History
19 Aug 2024, 16:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackerxss.md - Exploit | |
References | () https://vuldb.com/?ctiid.274561 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.274561 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.389362 - Third Party Advisory, VDB Entry | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
First Time |
Rems
Rems task Progress Tracker |
|
CPE | cpe:2.3:a:rems:task_progress_tracker:1.0:*:*:*:*:*:*:* |
14 Aug 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-14 21:15
Updated : 2024-08-19 16:25
NVD link : CVE-2024-7793
Mitre link : CVE-2024-7793
CVE.ORG link : CVE-2024-7793
JSON object : View
Products Affected
rems
- task_progress_tracker
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')