Cross Site Scripting Flaw in SourceCodester Payroll Management System
CVE-2023-23022

6.1MEDIUM

Key Information:

Vendor: SourceCodester
Status: Employees Payroll Management System
Vendor: CVE Published:; 1 May 2024

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2023-23022?

A Cross Site Scripting vulnerability exists in SourceCodester's Employee's Payroll Management System version 1.0. This flaw enables attackers to inject and execute arbitrary code by manipulating the 'code', 'title', 'from_date', and 'to_date' input fields within the Main.php file. This could lead to unauthorized access and potential data breaches, posing serious risks to user information and overall system integrity.

References

https://gist.github.com/enferas/ffc4d8e38e238709a3dedf300...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Jan 11, 2023