CVE-2024-9799

A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument email_address/address/company_name/job_title/jobDescriptionparameter leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://gist.github.com/sechurity/07c5a3a15f21313ee657d05baadbee19 Exploit Third Party Advisory
https://vuldb.com/?ctiid.279949 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.279949 Third Party Advisory VDB Entry
https://vuldb.com/?submit.417589 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:rems:profile_registration_without_reload\/refresh:1.0:*:*:*:*:*:*:*

History

17 Oct 2024, 14:32

Type Values Removed Values Added
References () https://gist.github.com/sechurity/07c5a3a15f21313ee657d05baadbee19 - () https://gist.github.com/sechurity/07c5a3a15f21313ee657d05baadbee19 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.279949 - () https://vuldb.com/?ctiid.279949 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.279949 - () https://vuldb.com/?id.279949 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.417589 - () https://vuldb.com/?submit.417589 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
CPE cpe:2.3:a:rems:profile_registration_without_reload\/refresh:1.0:*:*:*:*:*:*:*
First Time Rems
Rems profile Registration Without Reload\/refresh
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 6.1

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en SourceCodester Profile Registration without Reload Refresh 1.0 y se ha clasificado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo add.php. La manipulación del parámetro email_address/address/company_name/job_title/jobDescription conduce a cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

10 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-10 17:15

Updated : 2024-10-17 14:32


NVD link : CVE-2024-9799

Mitre link : CVE-2024-9799

CVE.ORG link : CVE-2024-9799


JSON object : View

Products Affected

rems

  • profile_registration_without_reload\/refresh
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')