PT-2025-16786 · Sourcecodester · Sourcecodester Online Id Generator System

Published

2025-04-16

Updated

2025-04-20

CVE-2024-40069

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sourcecodester Online ID Generator System version 1.0

Description The issue is related to Stored Cross Site Scripting (XSS) via the endpoint "id generator/classes/Users.php?f=save". The vulnerability is specifically in the POST parameters firstname and lastname.

Recommendations For Sourcecodester Online ID Generator System version 1.0, consider validating and sanitizing the firstname and lastname parameters in the "id generator/classes/Users.php?f=save" endpoint to prevent XSS attacks. As a temporary workaround, restrict access to this endpoint until a proper fix is implemented.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-40069

Affected Products

Sourcecodester Online Id Generator System

PT-2025-16786 · Sourcecodester · Sourcecodester Online Id Generator System

CVE-2024-40069

Weakness Enumeration

Related Identifiers

Affected Products

References · 5