PT-2025-16796 · Sourcecodester · Sourcecodester Online Id Generator System
Published
2025-04-16
·
Updated
2025-04-20
·
CVE-2024-40074
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Online ID Generator System version 1.0
Description
The issue is related to Stored Cross Site Scripting (XSS) via the
id generator/classes/SystemSettings.php?f=update settings endpoint, with the point of vulnerability being in the short name POST parameter.Recommendations
For version 1.0, consider disabling the
short name parameter in the id generator/classes/SystemSettings.php?f=update settings endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the short name parameter in this endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Online Id Generator System