Cross Site Scripting Vulnerability in Insurance Management System
CVE-2024-7916

5.4MEDIUM

Key Information:

Vendor: nafisulbari
Status: Insurance Management System
Vendor: CVE Published:; 18 August 2024

🔔 Create nafisulbari Vulnerability Alert

What is CVE-2024-7916?

A problematic vulnerability exists within the nafisulbari/itsourcecode Insurance Management System version 1.0, specifically related to the addNominee.php file associated with the Add Nominee Page functionality. This vulnerability allows for the manipulation of the Nominee-Client ID argument, which may lead to cross-site scripting (XSS) attacks. Such attacks can be initiated remotely by potential threats exploiting this flaw. As this vulnerability has been publicly disclosed, it poses a risk to users and requires immediate attention for remediation practices. Concerns are heightened due to the lack of response from the vendor following the initial disclosure.

References

https://vuldb.com/?id.275041

https://vuldb.com/?ctiid.275041

https://vuldb.com/?submit.388905

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2024