Bdtask Multi-Store Inventory Management System Vulnerable to Cross-Site Scripting
CVE-2024-2997

5.4 MEDIUM

Key Information:

Vendor: Bdtask

CVE Published: 27 March 2024

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-2997?

The first article discusses a cross-site scripting vulnerability in the Bdtask Multi-Store Inventory Management System. The vulnerability can be exploited remotely by manipulating certain arguments. The vendor has not responded to the disclosure, and the exploit has been disclosed to the public, indicating a potential risk of exploitation.

The second article does not provide information about the PGP Message Verification Tool. Instead, it contains various resources and updates related to the dark web, such as a URL vulnerability scanner released on GitHub, information about darknet markets and exit scams, and guides for using darknet resources for cyber threat intelligence. These resources do not specifically address known exploitation related to ransomware groups.

Affected Version(s)

Multi-Store Inventory Management System 20240320

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

PGP Message Verification Tool

Resources, and Dark Web Informer. 4 August 2024, 10:34 PM. 1 min read. This verification...

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 📰 First article discovered by darkwebinformer.com

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

Credit

srivishnu (VulDB User)