SourceCodester Engineers Online Portal Add Engineer cross site scripting
CVE-2023-7160

6.1MEDIUM

Key Information:

Vendor: SourceCodester
Status: Engineers Online Portal
Vendor: CVE Published:; 29 December 2023

Summary

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input alert(0) leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.

Affected Version(s)

Engineers Online Portal 1.0

References

https://vuldb.com/?id.249182

vdb-entrytechnical-description

https://vuldb.com/?ctiid.249182

signaturepermissions-required

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 29, 2023
Vulnerability Reserved
Dec 28, 2023

Credit

Farish (VulDB User)