A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
History

Thu, 29 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Insurance Management System Project
Insurance Management System Project insurance Management System
CPEs cpe:2.3:a:insurance_management_system_project:insurance_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Insurance Management System Project
Insurance Management System Project insurance Management System

Tue, 27 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode insurance Management System
Nafisulbari
Nafisulbari insurance Management System
CPEs cpe:2.3:a:itsourcecode:insurance_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:nafisulbari:insurance_management_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode insurance Management System
Nafisulbari
Nafisulbari insurance Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
Weaknesses CWE-79
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-27T17:31:03.929Z

Updated: 2024-08-27T17:52:08.619Z

Reserved: 2024-08-27T11:22:36.168Z

Link: CVE-2024-8208

cve-icon Vulnrichment

Updated: 2024-08-27T17:50:30.438Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T18:15:15.950

Modified: 2024-08-29T17:27:02.397

Link: CVE-2024-8208

cve-icon Redhat

No data.