Cross Site Scripting Vulnerability in WEB-Sekolah 1.0 Could Lead to Remote Attacks
CVE-2024-10842

4.8MEDIUM

Key Information:

Vendor

Romadebrian

Status
Web-sekolah
Vendor
CVE Published:
5 November 2024

Badges

👾 Exploit Exists

What is CVE-2024-10842?

A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Version(s)

WEB-Sekolah 1.0

References

https://vuldb.com/?id.283088
vdb-entrytechnical-description
https://vuldb.com/?ctiid.283088
signaturepermissions-required
https://vuldb.com/?submit.429558
third-party-advisory

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

kever12138 (VulDB User)
.