Cross Site Scripting Vulnerability in Online Marriage Registration System 1.0
CVE-2024-2773

3.5LOW

Key Information:

Vendor: Campcodes
Status: Online Marriage Registration System
Vendor: CVE Published:; 21 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An issue has been identified in the Campcodes Online Marriage Registration System 1.0 concerning cross-site scripting (XSS), stemming from improper handling of user-supplied input in the /user/search.php file. The vulnerability allows an attacker to execute arbitrary JavaScript code in the context of an affected user's browser, thus potentially compromising user data and sessions. Remote exploitation is possible, posing risks to web application security. This vulnerability has been made public, and relevant details can be found in the associated entries in vulnerability databases.

Affected Version(s)

Online Marriage Registration System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-2773 - Proof of Concept

References

https://vuldb.com/?id.257607

vdb-entrytechnical-description

https://vuldb.com/?ctiid.257607

signaturepermissions-required

https://github.com/Kurunie/vuln_report/blob/main/Complete...

exploit

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 21, 2024
👾
Exploit known to exist
Mar 21, 2024
Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Mar 21, 2024

Credit

Limmry (VulDB User)