PT-2023-23405 · Sourcecodester · Sourcecodester Insurance Management System
Wengao · Published 2023-06-08 · Updated 2024-05-17
CVE-2023-3165
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Life Insurance Management System version 1.0
Description
A vulnerability was found in the file insertNominee.php of the component POST Parameter Handler. The manipulation of the nominee id argument leads to cross-site scripting. The attack can be launched remotely.
Recommendations
For version 1.0, consider disabling the insertNominee.php file or restricting access to the POST Parameter Handler component until a patch is available. Avoid using the nominee id argument in the affected API endpoint until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Sourcecodester Insurance Management System