Cross Site Scripting Vulnerability in Superadmin_Dashboard/process/addbranches_process.php Could Lead to Remote Exploitation
CVE-2024-3415
Key Information:
- Vendor: Sourcecodester
- CVE Published: 6 April 2024
Summary
A security flaw exists in the SourceCodester Human Resource Information System 1.0, specifically within the Superadmin_Dashboard/process/addbranches_process.php file. The vulnerability results from improper handling of the branches_name argument, which allows cross-site scripting (XSS) attacks. The attack can be launched remotely, posing significant risk to users and to the integrity of the application. Details of the vulnerability have been publicly disclosed, so users and administrators should take proactive measures to mitigate the risk.
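As an added defensive example that is not the project's own code, the following shows the two controls that close an XSS of this shape for a parameter like branches_name: validate the value on input and HTML-encode it on output. The function names, the allowed-character policy and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not code from the SourceCodester HRIS project.
// The advisory reports that branches_name is handled unsafely; the
// mitigation is to validate the input and encode it for the HTML
// context it is rendered in. Names and policy below are hypothetical.

declare(strict_types=1);

/**
 * Validate a branch name before it is stored.
 * Hypothetical policy: 1-64 characters; letters, digits, spaces,
 * period, apostrophe, ampersand and hyphen. Returns null on rejection.
 */
function validateBranchName(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 64) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{N} .\'&-]+$/u', $name)) {
        return null;
    }
    return $name;
}

/**
 * Encode a stored value for an HTML text or attribute context.
 * ENT_QUOTES also encodes single quotes, so the value is safe inside
 * single-quoted attributes; the charset must match the page encoding.
 */
function htmlEncode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Minimal handler shaped like a form processor: reject bad input and
// never echo the raw parameter back into the response.
function handleAddBranch(array $post): string
{
    $name = validateBranchName((string)($post['branches_name'] ?? ''));
    if ($name === null) {
        return '<p class="error">Invalid branch name.</p>';
    }
    // Persist $name with a prepared statement here (omitted).
    return '<p>Added branch: ' . htmlEncode($name) . '</p>';
}

// Constructed inputs for a local check (not taken from the advisory).
echo handleAddBranch(['branches_name' => 'Sales & Marketing']) . PHP_EOL;
echo handleAddBranch(['branches_name' => '<b>Sales</b>']) . PHP_EOL;
```

The first input passes validation and is rendered as `Sales &amp; Marketing`; the second is rejected before it reaches the response, and even a value that slipped past validation would be neutralised by the output encoding.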
Affected Version(s)
Human Resource Information System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved