Cross Site Scripting Vulnerability in SourceCodester Yoga Class Registration System
CVE-2024-7914

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 18 August 2024

Summary

A vulnerability has been discovered in SourceCodester Yoga Class Registration System version 1.0, resulting from inadequate handling of parameters within the SystemSettings.php file. Manipulated user input can be used to inject malicious scripts into web pages viewed by other users. This cross-site scripting issue can be exploited remotely, allowing attackers to gain unauthorized access to sensitive information or perform actions on behalf of users. The vulnerability has been publicly disclosed, which increases the risk of exploitation and makes it crucial for users to apply safeguards promptly.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
