Cross Site Scripting Vulnerability in Farmacia 1.0
CVE-2024-11660

5.4MEDIUM

Key Information:

Vendor: code-projects
Status: Farmacia
Vendor: CVE Published:; 25 November 2024

🔔 Create code-projects Vulnerability Alert

What is CVE-2024-11660?

An identified vulnerability within Code-Projects Farmacia version 1.0 allows for cross site scripting (XSS) via manipulation of the 'name' parameter in the usuario.php file. This security flaw enables potential attackers to execute malicious scripts in the context of the user's browser, leading to unauthorized access and data exposure. Furthermore, the vulnerability may extend to other parameters within the application, thus broadening the attack surface. Due to the nature of XSS, exploitation can occur remotely, risking user safety and data integrity.

References

https://code-projects.org/

https://github.com/evo-ose/cve/blob/main/xss9.md

https://vuldb.com/?ctiid.285981

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2024