Cross Site Scripting Vulnerability in House Rental Management System
CVE-2024-9033

5.4MEDIUM

Key Information:

Vendor: SourceCodester
Status: Best House Rental Management System
Vendor: CVE Published:; 20 September 2024

Summary

The SourceCodester Best House Rental Management System version 1.0 is affected by a cross-site scripting (XSS) vulnerability that exists in the file /ajax.php, specifically in the functionality triggered by 'action=save_category'. This flaw allows an attacker to manipulate the argument 'name', which can lead to the execution of malicious scripts in the context of the victim's browser. The exploit can be conducted remotely, meaning that attackers do not need physical access to the affected system to initiate the attack. With the vulnerability now publicly disclosed, the potential for exploitation increases, making timely patching essential for users of this management system.

References

https://vuldb.com/?id.278203

https://vuldb.com/?ctiid.278203

https://vuldb.com/?submit.410977

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 20, 2024

Collectors

NVD Database