PT-2024-38840 · Sourcecodester · Sourcecodester Qr Code Bookmark System
Jadu101 · Published 2024-08-25 · Updated 2024-08-29 · CVE-2024-8153
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SourceCodester QR Code Bookmark System version 1.0
Description:
A vulnerability was found in the system, affecting unspecified processing in the file /endpoint/delete-bookmark.php. Manipulation of the bookmark argument leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations:
For SourceCodester QR Code Bookmark System version 1.0, upgrade to version 2.0 to remediate the issue. As a temporary workaround, consider restricting access to the /endpoint/delete-bookmark.php endpoint and avoiding manipulation of the bookmark argument until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Sourcecodester Qr Code Bookmark System