A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
History

Thu, 29 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Insurance Management System Project
Insurance Management System Project insurance Management System
CPEs cpe:2.3:a:insurance_management_system_project:insurance_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Insurance Management System Project
Insurance Management System Project insurance Management System

Tue, 27 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode insurance Management System
Nafisulbari
Nafisulbari insurance Management System
CPEs cpe:2.3:a:itsourcecode:insurance_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:nafisulbari:insurance_management_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode insurance Management System
Nafisulbari
Nafisulbari insurance Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Aug 2024 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title nafisulbari/itsourcecode Insurance Management System addClient.php cross site scripting
Weaknesses CWE-79
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-27T18:00:07.376Z

Updated: 2024-08-27T18:17:37.914Z

Reserved: 2024-08-27T11:22:38.498Z

Link: CVE-2024-8209

cve-icon Vulnrichment

Updated: 2024-08-27T18:15:48.703Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T18:15:16.617

Modified: 2024-08-29T17:23:42.873

Link: CVE-2024-8209

cve-icon Redhat

No data.