Arbitrary Web Scripts Execution Vulnerability in Laboratory Management System
CVE-2024-35581
6.1 MEDIUM
Summary
A vulnerability exists within Sourcecodester's Laboratory Management System that allows attackers to exploit improper input validation, resulting in cross-site scripting (XSS). By crafting a malicious payload and injecting it into the Borrower Name input field, attackers can execute arbitrary web scripts or HTML in the context of the user's browser. This can lead to unauthorized actions, data theft, and hijacking of user sessions. Organizations using this version of the software are urged to implement security best practices and validate user inputs to mitigate the risk.
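The fix the advisory calls for, shown as an added example that is not code from the Laboratory Management System or its author: a vulnerable render of the Borrower Name beside a hardened version that validates on input and encodes on output. It assumes the application is PHP and uses a hypothetical field name of borrower_name.

```php
<?php
// Added example, not code from the Laboratory Management System itself.
// Assumes a PHP application with a form field named "borrower_name" (hypothetical).

// Vulnerable pattern: the submitted name is echoed straight into the page,
// so any HTML or <script> inside it is interpreted by the browser.
function render_borrower_vulnerable(string $borrowerName): string
{
    return "<td>" . $borrowerName . "</td>";
}

// Input validation: a borrower name is a person's name, so reject anything
// outside a conservative allow-list and an upper length bound.
function validate_borrower_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return null;
    }
    // Letters (any script), combining marks, spaces, dots, apostrophes, hyphens.
    if (!preg_match('/^[\p{L}\p{M}\s.\'-]+$/u', $name)) {
        return null;
    }
    return $name;
}

// Output encoding for the HTML body/attribute context: the name is shown as
// literal text even if validation was bypassed or older rows are already stored.
function render_borrower_safe(string $borrowerName): string
{
    $encoded = htmlspecialchars($borrowerName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<td>" . $encoded . "</td>";
}

// Demonstration with a constructed input (the classic harmless XSS probe string).
$probe = '<script>alert(1)</script>';
echo render_borrower_vulnerable($probe), "\n"; // the script tag reaches the browser
echo render_borrower_safe($probe), "\n";       // rendered as &lt;script&gt;... text
var_dump(validate_borrower_name($probe));      // NULL: rejected at input time
var_dump(validate_borrower_name("María O'Neil-Smith")); // accepted
```

Both controls belong together: validation stops the payload from being stored, and output encoding protects pages that display names already in the database.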
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published