PT-2024-38234 · Sourcecodester · Sourcecodester Establishment Billing Management System
Author: Topsky979
Published: 2024-07-31
Updated: 2024-08-12
CVE: CVE-2024-7285
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Establishment Billing Management System version 1.0
Description
A cross-site scripting vulnerability, classified as problematic, affects the file /admin/ajax.php?action=save_settings. The value of the name argument is accepted without validation and is not HTML-encoded before it is rendered, so a crafted name is interpreted as markup (including script) in the browser of whoever views the affected page. The attack can be initiated remotely; per the CVSS vector it requires an authenticated low-privilege account and user interaction by the victim.
Recommendations
For SourceCodester Establishment Billing Management System version 1.0, apply the vendor patch as soon as one is available. The proper fix is to validate the name value on input (length, allowed characters) and to HTML-encode it at every point where it is rendered, for example with htmlspecialchars(..., ENT_QUOTES, 'UTF-8') in PHP; a Content-Security-Policy header limits the impact of any encoding that is missed. As a temporary workaround, restrict access to /admin/ajax.php (for example by IP allowlist or an additional authentication layer) and review the stored settings for injected markup.
Tags: Exploit · Fix · XSS
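The following is an added illustration, not code from the Establishment Billing Management System or from the advisory. It models the save_settings flow described above with a stand-in settings array and hypothetical function names (save_settings_vulnerable, render_settings_hardened, and so on), showing the unencoded pattern that produces the cross-site scripting next to the validated and encoded form that fixes it.

```php
<?php
// Added example: a stand-in for the ajax.php?action=save_settings flow.
// $settings plays the role of the application's settings table; the function
// names and the dispatcher below are assumptions made for this illustration.

// --- Vulnerable pattern: the submitted name is stored and later echoed raw ------
function save_settings_vulnerable(array &$settings, array $post): void
{
    // No validation or encoding: whatever the form (or a forged request) sends is kept.
    $settings['name'] = $post['name'] ?? '';
}

function render_settings_vulnerable(array $settings): string
{
    // Raw interpolation into HTML: a name containing <script> runs in the viewer's browser.
    return '<h1>' . $settings['name'] . '</h1>';
}

// --- Hardened pattern: validate on input, encode on output ---------------------
function save_settings_hardened(array &$settings, array $post): void
{
    $name = trim((string) ($post['name'] ?? ''));
    // Reject empty values, control characters and implausible lengths for an
    // establishment name. Validation narrows the input; it is not the XSS fix.
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100
        || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('invalid establishment name');
    }
    $settings['name'] = $name;
}

function render_settings_hardened(array $settings): string
{
    // Output encoding is the actual fix: ENT_QUOTES also covers attribute
    // contexts, ENT_SUBSTITUTE avoids returning an empty string on bad bytes,
    // and the explicit charset prevents encoding confusion.
    $safe = htmlspecialchars($settings['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $safe . '</h1>';
}

// A hypothetical ajax.php-style dispatcher that routes the action parameter.
function handle_ajax(string $action, array &$settings, array $post): string
{
    switch ($action) {
        case 'save_settings':
            save_settings_hardened($settings, $post);
            return 'saved';
        default:
            return 'unknown action';
    }
}

// Constructed request of the kind the advisory describes: script in the name field.
$payload = ['name' => '<script>alert(document.cookie)</script>'];

$s = [];
save_settings_vulnerable($s, $payload);
echo render_settings_vulnerable($s), PHP_EOL;   // markup reaches the page unchanged

$s = [];
echo handle_ajax('save_settings', $s, $payload), PHP_EOL;
echo render_settings_hardened($s), PHP_EOL;     // angle brackets arrive as entities
```

In the hardened branch the payload survives the validation step (it is printable text of acceptable length), which is the point: input filtering alone is not a reliable defence against XSS, and the browser only treats the value as text because the renderer encodes it. Every place the application prints the setting must use the same encoding, and a Content-Security-Policy without 'unsafe-inline' adds a second layer should one be missed.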
Affected Products
Sourcecodester Establishment Billing Management System