Stored Cross-Site Scripting Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40074
Currently unrated
Summary
The Sourcecodester Online ID Generator System version 1.0 has a vulnerability that allows for Stored Cross-Site Scripting (XSS). This security issue is found in the POST parameter 'short_name' of the update settings functionality located in id_generator/classes/SystemSettings.php. Attackers can exploit this vulnerability to inject malicious scripts, compromising user data and application integrity.
References
Timeline
Vulnerability published
Vulnerability Reserved