PT-2024-20837 · Unknown · Simple Admin Panel
Burak Sevben
·
Published
2024-02-14
·
Updated
2024-10-23
·
CVE-2024-25226
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Simple Admin Panel App version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Category Name parameter under the Add Category function.Recommendations
For Simple Admin Panel App version 1.0, consider disabling the
Add Category function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Category Name parameter to minimize the risk of arbitrary web script execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple Admin Panel