PT-2024-38694 · Sourcecodester · Sourcecodester Simple Forum Website
Urayaha
·
Published
2024-08-19
·
Updated
2024-08-21
·
CVE-2024-7929
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Simple Forum Website version 1.0
Description
A problematic vulnerability was found in the Signup Page component, specifically affecting the /registration.php file. The manipulation of the
username argument leads to cross-site scripting. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used.Recommendations
For version 1.0, consider disabling the Signup Page component or restricting access to the /registration.php file until a patch is available. As a temporary workaround, avoid using the
username argument in the affected Signup Page component to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Simple Forum Website