PT-2023-32007 · Sourcecodester · Sourcecodester Expense Tracker App

Xcode0X

Publicado

2023-09-29

Atualizado

2024-05-17

CVE-2023-5286

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Expense Tracker App version 1

Description A problematic issue has been found in the file add category.php of the component Category Handler. The manipulation of the category name argument leads to cross site scripting. The attack may be launched remotely.

Recommendations For version 1, as a temporary workaround, consider restricting the use of the category name argument in the add category.php file until a patch is available. Avoid using the category name argument in the affected Category Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-5286

Produtos afetados

Sourcecodester Expense Tracker App

PT-2023-32007 · Sourcecodester · Sourcecodester Expense Tracker App

CVE-2023-5286

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9