Cross-Site Scripting Vulnerability in Bdtask Multi-Store Inventory Management System
CVE-2024-2996

4.8MEDIUM

Key Information:

Vendor: Bdtask
Status: Multi-Store Inventory Management System
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-2996?

A cross-site scripting vulnerability exists in the Bdtask Multi-Store Inventory Management System due to improper handling of user input in the Page Title Handler. This security issue potentially allows remote attackers to inject malicious scripts into web pages, facilitating unauthorized access to sensitive information and performing actions on behalf of users without their consent. Despite attempts to notify the vendor regarding this critical security risk, no response has been received, leaving users vulnerable to potential exploitation.

References

https://vuldb.com/?id.258198

https://vuldb.com/?ctiid.258198

https://vuldb.com/?submit.301376

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024