CVE-2024-9952

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*

History

16 Oct 2024, 15:05

Type Values Removed Values Added
First Time Oretnom23 online Eyewear Shop
Oretnom23
CPE cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
References () https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d - () https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.280319 - () https://vuldb.com/?ctiid.280319 - Permissions Required
References () https://vuldb.com/?id.280319 - () https://vuldb.com/?id.280319 - Third Party Advisory
References () https://vuldb.com/?submit.423229 - () https://vuldb.com/?submit.423229 - Third Party Advisory
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en SourceCodester Online Eyewear Shop 1.0 y se ha clasificado como problemática. Este problema afecta a algunos procesos desconocidos del archivo /admin/?page=system_info/contact_info del componente Contact Information Page. La manipulación del argumento Address provoca Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse. También pueden verse afectados otros parámetros.

15 Oct 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-15 02:15

Updated : 2024-10-16 15:05


NVD link : CVE-2024-9952

Mitre link : CVE-2024-9952

CVE.ORG link : CVE-2024-9952


JSON object : View

Products Affected

oretnom23

  • online_eyewear_shop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')