PT-2023-24507 · Sourcecodester · Sourcecodester Game Result Matrix System
Zhangyf
·
Published
2023-06-23
·
Updated
2024-05-17
·
CVE-2023-3382
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Game Result Matrix System version 1.0
Description
A problematic issue has been found in the system, affecting some unknown functionality of the file /dipam/save-delegates.php, specifically the GET Parameter Handler component. The manipulation of the
del name argument leads to cross-site scripting. This issue can be exploited remotely.Recommendations
For SourceCodester Game Result Matrix System version 1.0, avoid using the
del name argument in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the /dipam/save-delegates.php file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Game Result Matrix System