PT-2021-18194 · Sourcecodester · Sourcecodester Student Management System

Published: 2021-04-28 · Updated: 2021-05-05 · CVE-2021-29388

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SourceCodester Budget Management System version 1.0
Description: A stored cross-site scripting issue allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field Budget Title.
Recommendations: For SourceCodester Budget Management System version 1.0, consider validating and sanitizing user input for the Budget Title field to prevent the injection of malicious JavaScript code. As a temporary workaround, restrict access to the index.php page to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-29388

Affected Products

Sourcecodester Student Management System