Stored XSS Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40069

5.4MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Online ID Generator System
Vendor: CVE Published:; 16 April 2025

Summary

The Sourcecodester Online ID Generator System 1.0 is susceptible to Stored Cross Site Scripting (XSS) through the 'firstname' and 'lastname' POST parameters within the id_generator/classes/Users.php endpoint. Attackers can exploit this vulnerability by injecting malicious scripts into these parameters, which, when viewed by other users, could lead to unauthorized actions and compromised data integrity.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Jul 5, 2024