PT-2024-11983 · Unknown · Sourcecodester Oretnom23 Employee'S Payroll Management System

Enferas · Published 2024-05-01 · Updated 2025-02-21 · CVE-2023-23022

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

sourcecodester oretnom23 employee's payroll management system version 1.0

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the code, title, from date, and to date inputs in the file Main.php. This can lead to the execution of malicious scripts.

Recommendations

For sourcecodester oretnom23 employee's payroll management system version 1.0, consider validating and sanitizing the code, title, from date, and to date inputs in the Main.php file to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the Main.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
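
One way to apply the validation and output encoding recommended above, as an added example (not code from the application or from this advisory). The function names, the request parameter names, the accepted formats (alphanumeric code, YYYY-MM-DD dates) and the length limits are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration: parameter names, formats and limits are assumptions,
// not taken from Main.php.

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only a real calendar date in strict YYYY-MM-DD form. */
function parse_date(string $raw): ?DateTimeImmutable
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects overflow dates (2024-02-31) and trailing data.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $d : null;
}

/** Validate the four inputs; returns [clean values, errors]. */
function validate_payroll_input(array $in): array
{
    // Non-string input (e.g. code[]=x) is treated as empty, so it fails below.
    $str = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    [$code, $title] = [$str('code'), $str('title')];
    [$from, $to] = [parse_date($str('from_date')), parse_date($str('to_date'))];
    $errors = [];
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $code)) {
        $errors['code'] = 'Code must be 1-32 letters, digits, "_" or "-".';
    }
    // The /u flag also rejects invalid UTF-8; control characters are refused.
    if (!preg_match('/\A[^\x00-\x1F\x7F]{1,100}\z/u', $title)) {
        $errors['title'] = 'Title must be 1-100 printable characters.';
    }
    if ($from === null) { $errors['from_date'] = 'Invalid from date.'; }
    if ($to === null) { $errors['to_date'] = 'Invalid to date.'; }
    if ($from !== null && $to !== null && $from > $to) {
        $errors['to_date'] = 'To date is before from date.';
    }
    if ($errors) { return [[], $errors]; }
    return [['code' => $code, 'title' => $title,
        'from_date' => $from->format('Y-m-d'), 'to_date' => $to->format('Y-m-d')], []];
}

// Constructed sample request; the title contains markup that must stay inert.
[$clean, $errors] = validate_payroll_input(['code' => 'PAY-2024-05',
    'title' => '<b>May</b> payroll', 'from_date' => '2024-05-01', 'to_date' => '2024-05-31']);
// Validation does not replace encoding: every value is encoded where it is output.
echo $errors ? 'rejected' : '<td>' . e($clean['title']) . '</td>', PHP_EOL;
```

The title is allowed to contain angle brackets here, so the encoding step at output is what keeps it from being interpreted as markup; values placed into JavaScript or URL contexts need the encoder for that context instead.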

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-23022

Affected Products

Sourcecodester Oretnom23 Employee'S Payroll Management System