A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 10 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Rems
Rems php Crud
CPEs cpe:2.3:a:rems:php_crud:1.0:*:*:*:*:*:*:*
Vendors & Products Rems
Rems php Crud

Mon, 09 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Egavilanmedia
Egavilanmedia phpcrud
CPEs cpe:2.3:a:egavilanmedia:phpcrud:1.0:*:*:*:*:*:*:*
Vendors & Products Egavilanmedia
Egavilanmedia phpcrud
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 07 Sep 2024 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title SourceCodester PHP CRUD update.php cross site scripting
Weaknesses CWE-79
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-09-07T20:00:04.571Z

Updated: 2024-09-09T13:35:27.828Z

Reserved: 2024-09-06T21:36:38.586Z

Link: CVE-2024-8563

cve-icon Vulnrichment

Updated: 2024-09-09T13:35:20.525Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-07T20:15:01.977

Modified: 2024-09-10T15:37:48.183

Link: CVE-2024-8563

cve-icon Redhat

No data.