A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
History

Wed, 04 Dec 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Mayurik
Mayurik best House Rental Management System
CPEs cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Mayurik
Mayurik best House Rental Management System

Tue, 26 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester best House Rental Management System
CPEs cpe:2.3:a:sourcecodester:best_house_rental_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester best House Rental Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Title SourceCodester Best House Rental Management System ajax.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-26T20:00:13.454Z

Updated: 2024-11-28T06:47:31.047Z

Reserved: 2024-11-26T13:24:15.422Z

Link: CVE-2024-11742

cve-icon Vulnrichment

Updated: 2024-11-26T20:57:35.778Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-26T20:15:25.703

Modified: 2024-12-04T21:04:48.830

Link: CVE-2024-11742

cve-icon Redhat

No data.