CVE-2024-6267

Name of the Vulnerable Software and Affected Versions: SourceCodester Service Provider Management System version 1.0

Description: A vulnerability was found in the System Info Page component of the SourceCodester Service Provider Management System. The issue is due to the lack of protection measures for the web page structure, allowing an attacker to conduct a cross-site scripting (XSS) attack remotely. The manipulation of the System Name/System Short Name argument leads to XSS. The exploit has been disclosed to the public and may be used.

Recommendations: As a temporary workaround, consider disabling the system info/index.php file until a patch is available. Restrict access to the System Info Page component to minimize the risk of exploitation. Avoid using the System Name and System Short Name input fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.