Cross Site Scripting Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-5897

6.1 MEDIUM

Key Information:

Vendor: Oretnom23
CVE Published: 12 June 2024

What is CVE-2024-5897?

A cross-site scripting vulnerability exists in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. The issue affects an unspecified functionality of the file /classes/Master.php?f=log_visitor. An attacker could exploit it by manipulating the argument `name`, which lets them execute arbitrary scripts in the context of the user's browser. Because the attack can be launched remotely, it poses significant security concerns, especially if sensitive information is managed through this application. The vulnerability has been publicly disclosed and could present risks to users who have not updated to secure versions.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published