SourceCodester Employee Management System edit-profile.php cross site scripting
CVE-2024-1010

5.4MEDIUM

Key Information:

Vendor: SourceCodester
Status: Employee Management System
Vendor: CVE Published:; 29 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.

Affected Version(s)

Employee Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1010 - Proof of Concept

References

https://vuldb.com/?id.252279

vdb-entrytechnical-description

https://vuldb.com/?ctiid.252279

signaturepermissions-required

https://github.com/jomskiller/Employee-Management-System-...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Jan 29, 2024
👾
Exploit known to exist
Jan 29, 2024
Vulnerability published
Jan 29, 2024
Vulnerability Reserved
Jan 29, 2024

Credit

Joma Peralta

jomskiller (VulDB User)