Cross Site Scripting Vulnerability Discovered in Modern Loan Management System
CVE-2024-9089
5.4 MEDIUM
Key Information:
- Vendor: SourceCodester
- CVE Published: 23 September 2024
Summary
A security flaw has been identified in SourceCodester Modern Loan Management System 1.0, in the processing of the file update_loan_record.php. Manipulating the 'amount' argument can lead to cross-site scripting. Threat actors can launch the attack remotely, which puts the integrity of user data at risk. The vulnerability has been publicly disclosed, which underlines the need for prompt remediation and security best practices.
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published