CVE-2023-3184

SourceCodester Sales Tracker Management System cross site scripting

CVSS 2.4 LOWEPSS 2.3%CWE-79

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Productos afectados

SourceCodester · Sales Tracker Management System

PoCs públicas encontradas — 3

cve_referencepacketstormsecurity.com/files/172908/Sales-Tracker-Management-System-1.0-HTML-Injection.htmlno verificado cve_referencegithub.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.mdno verificado exploitdbwww.exploit-db.com/exploits/51513no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/172908/Sales-Tracker-Management-System-1.0-HTML-Injection.html https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md https://vuldb.com/?ctiid.231164 https://vuldb.com/?id.231164