PT-2023-17172 · Sourcecodester · Sourcecodester Earnings/Expense Tracker App
Published
2023-03-29
·
Updated
2024-05-17
·
CVE-2023-1689
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Earnings and Expense Tracker App version 1.0
Description
A problematic vulnerability was found in the SourceCodester Earnings and Expense Tracker App. This issue affects the file Master.php, specifically the
a parameter with the value save earning, leading to cross-site scripting when the name argument is manipulated. The attack can be initiated remotely.Recommendations
For version 1.0, consider disabling the
save earning functionality in the Master.php file until a patch is available. Restrict access to the Master.php file to minimize the risk of exploitation. Avoid using the name argument in the affected API endpoint until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Earnings/Expense Tracker App