Cross Site Scripting Vulnerability in Code-Projects Chat System
CVE-2024-13034

5.3 MEDIUM

Key Information:

Vendor: Code-projects
Product: Chat System
CVE Published: 30 December 2024

Summary

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Chat System 1.0, specifically in the /admin/update_user.php file. An attacker can manipulate input parameters, in particular the 'name' argument, which can lead to malicious scripts executing in the user's browser. The attack can be initiated remotely, which raises significant security concerns for users of the affected product. The disclosure emphasizes the need for immediate remediation to safeguard against possible exploitation.

Affected Version(s)

Chat System 1.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)