PT-2024-3831 · Unknown · Rems Faq Management System

Josué Cruz Mier · Published 2024-02-15 · Updated 2025-06-10

CVE-2024-27719

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

rems FAQ Management System version 1.0
SourceCodester FAQ Management System version 1.0

Description

A cross-site scripting (XSS) vulnerability allows a remote attacker to obtain sensitive information via a crafted payload submitted in the Frequently Asked Question field of the Add FAQ function. The same input is also used in SQL queries without protection against manipulation of the query structure (SQL injection), which may allow a remote attacker to execute arbitrary SQL queries against the database.

Recommendations

For rems FAQ Management System version 1.0, consider disabling the Add FAQ function until a patch is available. For SourceCodester FAQ Management System version 1.0, ensure input validation and security measures are in place for the Add FAQ Question function to mitigate risks. As a temporary workaround, avoid handling untrusted input in the Add FAQ function until the issue is resolved.
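The two defects named in the description share one root cause: the FAQ question text is trusted both when it is written to the database and when it is rendered back into the page. The following PHP is an added illustration, not code from rems or SourceCodester FAQ Management System; it shows a hypothetical Add FAQ handler in its vulnerable shape beside the hardened shape the recommendation calls for. The table name `faq`, the column names `question` and `answer`, the length limits and the function names are all assumptions.

```php
<?php
// Added example: hypothetical "Add FAQ" handler, not the project's own code.
// Table/column names (faq, question, answer) and length limits are assumed.

// --- Vulnerable pattern: the class of defect the advisory describes ---
function addFaqVulnerable(mysqli $db, string $question, string $answer): void
{
    // Untrusted input is concatenated into the SQL text, so the submitter
    // controls the query structure (SQL injection).
    $sql = "INSERT INTO faq (question, answer) VALUES ('$question', '$answer')";
    $db->query($sql);
}

function renderFaqVulnerable(string $question): string
{
    // The stored value is echoed into HTML unescaped (stored XSS).
    return "<li class=\"faq-question\">$question</li>";
}

// --- Hardened pattern ---
function validateFaqField(string $value, int $maxLen): string
{
    // Server-side validation: reject empty or oversized fields before use.
    $value = trim($value);
    if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('FAQ field is empty or too long');
    }
    return $value;
}

function addFaqSafe(PDO $db, string $question, string $answer): void
{
    $question = validateFaqField($question, 500);   // limit is an assumption
    $answer   = validateFaqField($answer, 5000);    // limit is an assumption
    // Parameterised query: bound values are never parsed as SQL syntax.
    $stmt = $db->prepare('INSERT INTO faq (question, answer) VALUES (:q, :a)');
    $stmt->execute([':q' => $question, ':a' => $answer]);
}

function renderFaqSafe(string $question): string
{
    // Contextual output encoding for an HTML text node; quotes are encoded
    // too so the same helper is safe inside attribute values.
    $escaped = htmlspecialchars($question, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<li class=\"faq-question\">$escaped</li>";
}

// Self-contained demo on an in-memory SQLite database (no MySQL needed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE faq (id INTEGER PRIMARY KEY, question TEXT, answer TEXT)');

// Constructed sample input containing HTML markup and a single quote.
addFaqSafe($db, "<b>Is O'Reilly's data safe?</b>", 'Yes.');

foreach ($db->query('SELECT question FROM faq') as $row) {
    echo renderFaqSafe($row['question']), PHP_EOL;
}
```

When the real backend is MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection so the values are sent to the server separately from the query text rather than being escaped client-side. Escaping belongs at output time, keyed to the context (HTML body here); storing pre-escaped text in the database does not protect other consumers of the same column.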

Tags: Exploit · Fix · XSS · SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-04208
CVE-2024-27719

Affected Products

Sourcecodester Loan Management System
Rems Faq Management System