Cross Site Scripting Vulnerability in Petrol Pump Management Software
CVE-2024-2063

4.8MEDIUM

Key Information:

Vendor
CVE Published:
1 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-2063?

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.

Affected Version(s)

Petrol Pump Management Software 1.0

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Lictan
nochizplz (VulDB User)
nochizplz (VulDB User)
.
CVE-2024-2063 : Cross Site Scripting Vulnerability in Petrol Pump Management Software