Cross-Site Scripting Vulnerability in Code-Projects Farmacia 1.0
CVE-2024-11997
Key Information
- Vendor: Code-projects
- Status
- Farmacia
- Vendor
- CVE Published: 30 November 2024
Summary
CVE-2024-11997 is a high-severity cross-site scripting (XSS) vulnerability in Code-Projects Farmacia version 1.0. The flaw is in the handling of the 'notaFiscal' parameter of the vendas.php script: manipulated input lets an attacker execute malicious scripts in the context of an affected user's session. The attack can be launched remotely and may lead to data theft, unauthorized access, or exploitation of user sessions. The vulnerability has been publicly disclosed, raising urgent concerns for users of the affected product.
Affected Version(s)
Farmacia = 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved