SourceCodester Sales Tracker Management System cross site scripting
CVE-2023-3184

4.8MEDIUM

Key Information:

Vendor: SourceCodester
Status: Sales Tracker Management System
Vendor: CVE Published:; 9 June 2023

Summary

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.

Affected Version(s)

Sales Tracker Management System 1.0

References

https://vuldb.com/?id.231164

vdb-entrytechnical-description

https://vuldb.com/?ctiid.231164

signaturepermissions-required

http://packetstormsecurity.com/files/172908/Sales-Tracker...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2023
Vulnerability Reserved
Jun 9, 2023

Credit

Affan (VulDB User)