Cross Site Scripting Vulnerability in Insurance Management System by Unknown Vendor
CVE-2024-31061

6.1MEDIUM

Key Information:

Vendor: Unknown Vendor
Status: Insurance Management System
Vendor: CVE Published:; 28 March 2024

🔔 Create Unknown Vendor Vulnerability Alert

What is CVE-2024-31061?

A Cross Site Scripting vulnerability exists in the Insurance Management System version 1.0.0 and earlier, allowing remote attackers to inject and execute malicious code via the vulnerable Last Name input field. This flaw poses significant risks for data integrity and user privacy, enabling attackers to retrieve sensitive information and potentially hijack user sessions.

References

https://portswigger.net/web-security/cross-site-scripting...

https://owasp.org/www-community/attacks/xss/

https://github.com/sahildari/cve/blob/master/CVE-2024-310...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 27, 2024