PT-2023-17359 · Sourcecodester · Sourcecodester Survey Application System
Krishna.T
·
Published
2023-04-07
·
Updated
2024-05-17
·
CVE-2023-1946
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Survey Application System version 1.0
Description
A problematic issue was found in the Add New Handler component, affecting some unknown processing. The manipulation of the
Title argument with the input <script>prompt(document.domain)</script> leads to cross-site scripting. The attack can be initiated remotely.Recommendations
For version 1.0, consider restricting the input for the
Title argument to prevent cross-site scripting attacks until a patch is available. As a temporary workaround, restrict access to the Add New Handler component to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Survey Application System