PT-2023-17173 · Sourcecodester · Earnings/Expense Tracker App

Wwesleywww

Published

2023-03-29

Updated

2024-05-17

CVE-2023-1690

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Earnings and Expense Tracker App version 1.0

Description A problematic issue has been found in the processing of the file "LoginRegistration.php?a=register user". The manipulation of the fullname argument leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For version 1.0, consider disabling the registration functionality in the "LoginRegistration.php?a=register user" file until a patch is available. Restrict access to the fullname argument in the affected file to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-1690

Affected Products

Earnings/Expense Tracker App

PT-2023-17173 · Sourcecodester · Earnings/Expense Tracker App

CVE-2023-1690

Weakness Enumeration

Related Identifiers

Affected Products

References · 7