Cross Site Scripting Vulnerability in Petrol Pump Management Software
CVE-2024-2063

4.8MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Petrol Pump Management Software
Vendor
CVE Published:
1 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-2063?

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.

Affected Version(s)

Petrol Pump Management Software 1.0

References

https://vuldb.com/?id.255378
vdb-entrytechnical-description
https://vuldb.com/?ctiid.255378
signaturepermissions-required
https://github.com/skid-nochizplz/skid-nochizplz/blob/mai...
exploit

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Lictan
nochizplz (VulDB User)
nochizplz (VulDB User)
.