PT-2020-15593 · Sourcecodester · Sourcecodester Travel Management System
Bobby Cooke +2 · Published 2020-09-01 · Updated 2022-12-03
CVE-2020-23835
CVSS v3.1: 6.4 (Medium)
Vector: AC:H/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R
Name of the Vulnerable Software and Affected Versions
SourceCodester Tailor Management System version 1.0
Description
A Reflected Cross-Site Scripting (XSS) issue in the index.php login-portal webpage allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
Recommendations
For SourceCodester Tailor Management System version 1.0, as a temporary workaround, consider disabling access to the index.php login-portal webpage until a patch is available. Restrict access to this webpage to minimize the risk of exploitation. Avoid using the login-portal webpage in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Sourcecodester Travel Management System