Vulnerability in Insurance Management System 1.0 Could Lead to Cross-Site Scripting Attacks
CVE-2024-8208

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 27 August 2024

What is CVE-2024-8208?

A cross-site scripting (XSS) vulnerability has been identified in the nafisulbari/itsourcecode Insurance Management System version 1.0. The issue arises from improper handling of the AGENT ID parameter in the editClient.php file. The weakness can be exploited remotely, potentially allowing attackers to inject malicious scripts that could execute in the context of the user's browser. The flaw raises concerns for both user data integrity and system security. The vendor was informed before public disclosure but has not responded.

Affected Version(s)

Insurance Management System 1.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fahadletsleep (VulDB User)