PT-2024-26558 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Published: 2024-05-28 · Updated: 2024-07-03 · CVE-2024-35581

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sourcecodester Laboratory Management System version 1.0

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.

Recommendations

For Sourcecodester Laboratory Management System version 1.0, consider validating and sanitizing user input to prevent the injection of malicious scripts, and restrict access to the Borrower Name input field until a patch is available.

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2024-35581

Affected Products

Sourcecodester Computer Laboratory Management System