Cross Site Scripting Vulnerability in Bdtask Hospita AutoManager
CVE-2024-2135

2.4LOW

Key Information:

Vendor

Bdtask

Status
Hospita Automanager
Vendor
CVE Published:
3 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-2135?

A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospital_activities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255497 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

Hospita AutoManager 20240223

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-2135 - Proof of Concept

References

https://vuldb.com/?id.255497
vdb-entrytechnical-description
https://vuldb.com/?ctiid.255497
signaturepermissions-required
https://drive.google.com/file/d/1zi8r84r0B2F45rWSYohZ6TO-...
exploit

CVSS V3.1

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

srivishnu (VulDB User)
.