Cross-Site Scripting Vulnerability in Hostel Management System by Code-Projects
CVE-2024-12790

8.2HIGH

Key Information:

Vendor
Code-projects
Status
Hostel Management Site
Vendor
CVE Published:
19 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

CVE-2024-12790 is a high-severity cross-site scripting (XSS) vulnerability present in the Hostel Management System version 1.0, specifically in the room-details.php file. This vulnerability allows remote attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or other malicious activities. Given the public disclosure of this exploit, it is imperative for users and administrators to prioritize updating their systems and implementing security measures to mitigate the risk of attacks.

Affected Version(s)

Hostel Management Site 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-12790 - Proof of Concept

References

https://vuldb.com/?id.288970
vdb-entry
https://vuldb.com/?ctiid.288970
signaturepermissions-required
https://vuldb.com/?submit.465224
third-party-advisory

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yunlin (VulDB User)
.
CVE-2024-12790 : Cross-Site Scripting Vulnerability in Hostel Management System by Code-Projects | SecurityVulnerability.io