CVE-2024-9320

Name of the Vulnerable Software and Affected Versions SourceCodester Online Timesheet App version 1.0

Description A problematic issue has been found in the Add Timesheet Form component, specifically affecting the /endpoint/add-timesheet.php file. The manipulation of the day/task argument leads to cross-site scripting. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Online Timesheet App version 1.0, consider disabling the day/task argument in the /endpoint/add-timesheet.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the Add Timesheet Form component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.