A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.
References
Link | Resource |
---|---|
https://github.com/jomskiller/Employee-Management-System---Stored-XSS | Exploit Mitigation Third Party Advisory |
https://github.com/jomskiller/Employee-Management-System---Stored-XSS/ | Exploit Mitigation Third Party Advisory |
https://vuldb.com/?ctiid.252279 | Permissions Required |
https://vuldb.com/?id.252279 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulDB
Published: 2024-01-29T16:31:05.461Z
Updated: 2024-01-29T16:31:05.461Z
Reserved: 2024-01-29T07:14:57.352Z
Link: CVE-2024-1010
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-29T17:15:09.967
Modified: 2024-05-17T02:35:09.883
Link: CVE-2024-1010
JSON object: View
Redhat Information
No data.
CWE