A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin/add_acc.php. The manipulation of the argument name/user/position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/Wsstiger/cve/blob/main/Tracer_XSS.md | Exploit |
https://vuldb.com/?ctiid.274747 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.274747 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?submit.391566 | Third Party Advisory VDB Entry |
Configurations
History
21 Aug 2024, 14:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Wsstiger/cve/blob/main/Tracer_XSS.md - Exploit | |
References | () https://vuldb.com/?ctiid.274747 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.274747 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.391566 - Third Party Advisory, VDB Entry | |
First Time |
Tamparongj 03 online Graduate Tracer System
Tamparongj 03 |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
CPE | cpe:2.3:a:tamparongj_03:online_graduate_tracer_system:1.0:*:*:*:*:*:*:* |
19 Aug 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Aug 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-15 23:15
Updated : 2024-08-21 14:12
NVD link : CVE-2024-7844
Mitre link : CVE-2024-7844
CVE.ORG link : CVE-2024-7844
JSON object : View
Products Affected
tamparongj_03
- online_graduate_tracer_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')