CVE-2024-6807

17 Jul 2024

Título es

CVE-2024-6807

Mié, 17/07/2024 – 04:15

Tipo

CWE-79

Gravedad v2.0

3.30

Gravedad 2.0 Txt

LOW

Título en

CVE-2024-6807

Descripción en

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.

17/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0

AV:N/AC:L/Au:M/C:N/I:P/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

2.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://reports-kunull.vercel.app/CVE%20research/student-study-center-desk-management-system-xss-firstname

https://vuldb.com/?ctiid_271706=