Cross Site Scripting Vulnerability in CodeAstro Membership Management System 1.0
CVE-2024-46470

Currently unrated

Key Information:

Vendor: CodeAstro
Status: Membership Management System
Vendor: CVE Published:; 27 September 2024

What is CVE-2024-46470?

A Cross Site Scripting (XSS) vulnerability exists within the CodeAstro Membership Management System version 1.0. This weakness resides in the edit-type.php component, where attackers can exploit the membership_type field to inject and execute malicious JavaScript code. This vulnerability poses significant security risks, as it can lead to unauthorized actions, data exposure, and the potential for further attacks against users interacting with the compromised system.

References

https://codeastro.com/membership-management-system-in-php...

https://github.com/JonMoriSenpai/CVE-WriteUps/blob/main/C...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024