CVE-2024-8152

Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0

Description: A vulnerability was found in the SourceCodester QR Code Bookmark System, affecting the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the name/url argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations: As a temporary workaround, consider disabling the /endpoint/add-bookmark.php endpoint until a patch is available. Restrict access to the Parameter Handler component to minimize the risk of exploitation. Avoid using the name/url argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.