CVE-2024-9323

A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://hackmd.io/@SeaWind/rySx1IbR0 Exploit Third Party Advisory
https://vuldb.com/?ctiid.278827 Permissions Required
https://vuldb.com/?id.278827 Third Party Advisory
https://vuldb.com/?submit.413401 Third Party Advisory
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*

History

01 Oct 2024, 12:55

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 5.4
First Time Mayurik
Mayurik free And Open Source Inventory Management System
References () https://hackmd.io/@SeaWind/rySx1IbR0 - () https://hackmd.io/@SeaWind/rySx1IbR0 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.278827 - () https://vuldb.com/?ctiid.278827 - Permissions Required
References () https://vuldb.com/?id.278827 - () https://vuldb.com/?id.278827 - Third Party Advisory
References () https://vuldb.com/?submit.413401 - () https://vuldb.com/?submit.413401 - Third Party Advisory
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
CPE cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en SourceCodester Inventory Management System 1.0. Se ha declarado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /app/action/add_staff.php. La manipulación conduce a cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

29 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-29 07:15

Updated : 2024-10-01 12:55


NVD link : CVE-2024-9323

Mitre link : CVE-2024-9323

CVE.ORG link : CVE-2024-9323


JSON object : View

Products Affected

mayurik

  • free_and_open_source_inventory_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')