PT-2023-8074 · Sourcecodester · Sourcecodester Simple Book Catalog App

Gikaku

Publicado

2023-09-09

Atualizado

2024-05-17

CVE-2023-4847

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Book Catalog App version 1.0

Description A vulnerability has been found in the Update Book Form component of the SourceCodester Simple Book Catalog App. The manipulation of the book title and book author arguments leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Simple Book Catalog App version 1.0, consider disabling the Update Book Form component until a patch is available. Restrict access to the book title and book author arguments in the Update Book Form to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2024-00052

CVE-2023-4847

Produtos afetados

Sourcecodester Simple Book Catalog App

PT-2023-8074 · Sourcecodester · Sourcecodester Simple Book Catalog App

CVE-2023-4847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12