PT-2024-17224 · Sourcecodester · Best House Rental Management System

Yasser Alshammari

Published

2024-11-26

Updated

2024-12-04

CVE-2024-11742

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Best House Rental Management System version 1.0

Description A problem has been found in the processing of the file /rental/ajax.php?action=save tenant. The manipulation of the lastname, firstname, and middlename arguments leads to cross-site scripting. The attack may be initiated remotely. Other parameters might also be affected.

Recommendations For version 1.0, consider disabling the /rental/ajax.php?action=save tenant endpoint until a patch is available. Restrict access to the lastname, firstname, and middlename arguments in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2024-11742

Affected Products

Best House Rental Management System

PT-2024-17224 · Sourcecodester · Best House Rental Management System

CVE-2024-11742

Weakness Enumeration

Related Identifiers

Affected Products

References · 9