PT-2024-20817 · Unknown · Barangay Population Monitoring System
Burak Sevben
·
Published
2024-02-14
·
Updated
2024-08-01
·
CVE-2024-25208
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Barangay Population Monitoring System version 1.0
Description
The system contains a cross-site scripting (XSS) vulnerability in the Add Resident function at "/barangay-population-monitoring-system/masterlist.php". This issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Full Name parameter.Recommendations
For Barangay Population Monitoring System version 1.0, consider disabling the Add Resident function at "/barangay-population-monitoring-system/masterlist.php" until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the
Full Name parameter in the affected function to minimize the risk of arbitrary script execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Barangay Population Monitoring System