CVE-2024-5437

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266442 is the identifier assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:simple_online_bidding_system:1.0:*:*:*:*:*:*:*

History

09 Dec 2024, 22:52

Type Values Removed Values Added
CPE cpe:2.3:a:oretnom23:simple_online_bidding_system:1.0:*:*:*:*:*:*:*
First Time Oretnom23 simple Online Bidding System
Oretnom23
References () https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md - () https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md - Exploit
References () https://vuldb.com/?ctiid.266442 - () https://vuldb.com/?ctiid.266442 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.266442 - () https://vuldb.com/?id.266442 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.345066 - () https://vuldb.com/?submit.345066 - Third Party Advisory, VDB Entry

Information

Published : 2024-05-29 00:15

Updated : 2024-12-09 22:52


NVD link : CVE-2024-5437

Mitre link : CVE-2024-5437

CVE.ORG link : CVE-2024-5437


JSON object : View

Products Affected

oretnom23

  • simple_online_bidding_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')