Cross Site Scripting Vulnerability in Campcodes Online Marriage Registration System
CVE-2024-28456

5.4MEDIUM

Key Information:

Vendor: Campcodes
Status: Online Marriage Registration System
Vendor: CVE Published:; 28 March 2024

What is CVE-2024-28456?

The Online Marriage Registration System v.1.0 developed by Campcodes is susceptible to a Cross Site Scripting (XSS) vulnerability that arises due to inadequate validation of user input in the marriage registration request form. This flaw enables remote attackers to inject malicious scripts into the application, which can then be executed in the context of the user's browser. As a result, sensitive information could potentially be compromised, and attackers may manipulate user sessions or redirect users to malicious sites. It is imperative for users and administrators of the affected system to implement appropriate security measures, including input sanitization and regular updates.

References

https://www.campcodes.com/projects/php/online-marriage-re...

https://pastebin.com/CYMDR4ss

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 8, 2024