CVE-2024-37859

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
http://lost.com	Not Applicable
https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html	Exploit
https://www.sourcecodester.com/	Product
http://lost.com	Not Applicable
https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html	Exploit
https://www.sourcecodester.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*

History

23 Apr 2025, 14:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:::::::*
First Time		Oretnom23 Oretnom23 lost And Found Information System
References	~~() http://lost.com -~~	() http://lost.com - Not Applicable
References	~~() https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html -~~	() https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html - Exploit
References	~~() https://www.sourcecodester.com/ -~~	() https://www.sourcecodester.com/ - Product

Information

Published : 2024-07-29 19:15

Updated : 2025-04-23 14:41

NVD link : CVE-2024-37859

Mitre link : CVE-2024-37859

CVE.ORG link : CVE-2024-37859

JSON object : View

Products Affected

oretnom23

lost_and_found_information_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10