PT-2022-11879 · Unknown · Sourcecodester Simple Client Management System

Published: 2022-12-22 · Updated: 2022-12-27 · CVE-2021-43657

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Sourcecodester Simple Client Management System (SCMS) version 1.0

Description

A stored cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vulnerable input fields in the MAster.php file. This enables attackers to execute malicious scripts on the client side, potentially leading to unauthorized actions or data theft.

Recommendations

For Sourcecodester Simple Client Management System (SCMS) version 1.0, consider validating and sanitizing all user input to prevent malicious code injection as a temporary workaround until a patch is available. Restrict access to the MAster.php file to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-43657

Affected Products

Sourcecodester Simple Client Management System