Cross-Site Scripting Vulnerability in itsourcecode Vehicle Management System
CVE-2024-12783

6.1MEDIUM

Key Information:

Vendor

Itsourcecode

Status
Vehicle Management System
Vendor
CVE Published:
19 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-12783?

CVE-2024-12783 is a high-risk cross-site scripting (XSS) vulnerability that affects the itsourcecode Vehicle Management System version 1.0. The issue arises from inadequate processing of user-supplied data in the /billaction.php file, specifically through the 'extra-cost' argument. This oversight allows attackers to inject malicious scripts that can be executed in the context of the user's browser. The vulnerability can be exploited remotely, posing significant risk to users of the Vehicle Management System. Organizations are advised to apply available patches and implement necessary security measures to protect against potential exploitation.

Affected Version(s)

Vehicle Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-12783 - Proof of Concept

References

https://vuldb.com/?id.288959
vdb-entrytechnical-description
https://vuldb.com/?ctiid.288959
signaturepermissions-required
https://vuldb.com/?submit.462628
third-party-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

FinleyTang (VulDB User)
.