CVE-2023-2973

Name of the Vulnerable Software and Affected Versions SourceCodester Students Online Internship Timesheet System version 1.0

Description A problematic issue has been found, affecting some unknown functionality of the file "/ajax.php?action=save company". The manipulation of the name argument with the input <script>alert(document.cookie)</script> leads to cross-site scripting. The attack can be launched remotely.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the "/ajax.php?action=save company" endpoint until a patch is available. Avoid using the name argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.