PT-2024-25607 · Unknown · E-Negosyo System
Rafael Pedrero · Published 2024-08-06 · Updated 2024-08-15
CVE-2024-33975
CVSS v3.1: 7.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
E-Negosyo System version 1.0
Description
The issue is a Cross-Site Scripting (XSS) vulnerability in the view parameter of the "/admin/products/index.php" endpoint. An attacker who gets an authenticated user to open a specially crafted link carrying a JavaScript payload in that parameter can execute script in the user's browser and partially take over their session. The CVSS vector matches this: no privileges are needed (PR:N), the victim must act (UI:R), and the script runs in the victim's browser rather than in the vulnerable component itself (S:C).
Recommendations
For E-Negosyo System version 1.0, until a patch is available, disable or ignore the view parameter of the "/admin/products/index.php" endpoint so that crafted values cannot be reflected. Restrict access to "/admin/products/index.php" to the administrators who need it, which shrinks the set of users an attacker can target. Avoid using the view parameter in the affected endpoint until the issue is resolved. These measures limit exposure only; the flaw itself is removed by validating the parameter against the set of views the page actually supports and HTML-encoding any value that is echoed back.
Fix
XSS
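The following is an added illustration of what the fix looks like in PHP; it is not code from E-Negosyo System and does not reproduce the real "/admin/products/index.php". It assumes the vulnerable pattern is the usual one, the raw value of ?view= written into the HTML response, and the view names, the session key and the request values are all made up for the example.

```php
<?php
// Added illustration for CVE-2024-33975; NOT code from E-Negosyo System and
// not a reproduction of /admin/products/index.php. It assumes the classic
// reflected-XSS pattern: the raw value of ?view= is written into the HTML.
// The view names below are assumed for the example.

declare(strict_types=1);

const ALLOWED_VIEWS = ['list', 'grid'];   // assumed set of views the page supports

// Hypothetical vulnerable rendering: the parameter lands in the markup as-is,
// so a link such as index.php?view="><script>...</script> runs in the admin's
// browser once they open it.
function renderProductsHeaderVulnerable(array $query): string
{
    $view = $query['view'] ?? 'list';
    return '<h2>Products (' . $view . ')</h2>';
}

// Hardened rendering: reject anything outside the allowlist, then encode what
// is echoed so that a value can never break out of its text context.
// (The allowlist alone stops this case; the encoding is defence in depth for
// any other place the value might be printed, including attribute contexts.)
function renderProductsHeaderHardened(array $query): string
{
    $view = $query['view'] ?? 'list';
    if (!is_string($view) || !in_array($view, ALLOWED_VIEWS, true)) {
        $view = 'list';   // unknown value: fall back instead of reflecting it
    }
    $safe = htmlspecialchars($view, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h2>Products (' . $safe . ')</h2>';
}

// Interim mitigation from the recommendations: gate the admin endpoint on an
// authenticated admin session before anything is rendered. The session key
// name 'admin_id' is an assumption.
function requireAdmin(array $session): void
{
    if (empty($session['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed request resembling a reflected-XSS link; not a payload observed
// against the product.
$query   = ['view' => '"><script>alert(document.cookie)</script>'];
$session = ['admin_id' => 1];   // constructed: an authenticated admin

requireAdmin($session);
echo renderProductsHeaderVulnerable($query), PHP_EOL;
echo renderProductsHeaderHardened($query), PHP_EOL;
```

Run with `php example.php`: the vulnerable function emits the script tag intact inside the heading, while the hardened one emits the heading for the default list view because the crafted value is not in the allowlist. In a real page the same two steps apply at every place the parameter is used, and htmlspecialchars with ENT_QUOTES is the minimum when the value ends up inside an attribute; a value written into a script block or a URL needs context-specific encoding instead.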
Weakness Enumeration
Related Identifiers
Affected Products
E-Negosyo System