Insurance Management System Vulnerable to Cross Site Scripting Attacks
CVE-2024-8209

6.1MEDIUM

Key Information:

Vendor

Nafisulbari

Status
Insurance Management System
Vendor
CVE Published:
27 August 2024

What is CVE-2024-8209?

A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

Insurance Management System 1.0

Insurance Management System 1.0

References

https://vuldb.com/?id.275918
vdb-entrytechnical-description
https://vuldb.com/?ctiid.275918
signaturepermissions-required
https://vuldb.com/?submit.393512
third-party-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fahadletsleep (VulDB User)
.