PT-2023-17285 · Unknown · Sourcecodester Online Payroll System
Published: 2023-04-05 · Updated: 2024-05-17 · CVE-2023-1853
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Payroll System version 1.0
Description
A cross-site scripting (XSS) issue has been found in the processing of the file /admin/employee edit.php. It is triggered by manipulating an argument and can be exploited remotely.
Recommendations
For SourceCodester Online Payroll System version 1.0, consider restricting access to the /admin/employee edit.php file until a patch is available. As a temporary workaround, avoid using the argument that leads to cross-site scripting in the affected file.
Affected Products
Sourcecodester Online Payroll System