Cross Site Scripting Vulnerability in Farmacia 1.0
CVE-2024-11660

5.4MEDIUM

Key Information:

Vendor
code-projects
Status
Farmacia
Vendor
CVE Published:
25 November 2024

Summary

An identified vulnerability within Code-Projects Farmacia version 1.0 allows for cross site scripting (XSS) via manipulation of the 'name' parameter in the usuario.php file. This security flaw enables potential attackers to execute malicious scripts in the context of the user's browser, leading to unauthorized access and data exposure. Furthermore, the vulnerability may extend to other parameters within the application, thus broadening the attack surface. Due to the nature of XSS, exploitation can occur remotely, risking user safety and data integrity.

References

https://code-projects.org/
https://github.com/evo-ose/cve/blob/main/xss9.md
https://vuldb.com/?ctiid.285981

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2024-11660 : Cross Site Scripting Vulnerability in Farmacia 1.0 | SecurityVulnerability.io