CVE-2024-57326

{"id": "CVE-2024-57326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-01-23T22:15:14.800", "references": [{"url": "https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57326", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter."}, {"lang": "es", "value": "Existe una vulnerabilidad Cross-Site Scripting (XSS) Reflejado en el archivo search.php de Online Pizza Delivery System 1.0. La vulnerabilidad permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador a trav\u00e9s de la entrada no desinfectada que se pasa a trav\u00e9s del par\u00e1metro de b\u00fasqueda."}], "lastModified": "2025-06-27T19:39:56.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_pizza_delivery_system_project:online_pizza_delivery_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6A115E-B779-4322-ABE0-6FC7C0F7D26E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}