CVE-2024-8174

A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login.php of the component Login Page. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/prankfulin/cve/blob/main/xss.md Exploit
https://vuldb.com/?ctiid.275773 Permissions Required
https://vuldb.com/?id.275773 Third Party Advisory VDB Entry
https://vuldb.com/?submit.397883 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:blood_bank_system_project:blood_bank_system:1.0:*:*:*:*:*:*:*

History

27 Aug 2024, 14:32

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en el proyecto de código Blood Bank System 1.0 y clasificada como problemática. Una función desconocida del archivo /login.php del componente Login Page es afectada por esta vulnerabilidad. La manipulación del argumento usuario conduce a cross-site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
CVSS v2 : 5.0
v3 : 4.3
v2 : 5.0
v3 : 6.1
First Time Blood Bank System Project blood Bank System
Blood Bank System Project
CPE cpe:2.3:a:blood_bank_system_project:blood_bank_system:1.0:*:*:*:*:*:*:*
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/prankfulin/cve/blob/main/xss.md - () https://github.com/prankfulin/cve/blob/main/xss.md - Exploit
References () https://vuldb.com/?ctiid.275773 - () https://vuldb.com/?ctiid.275773 - Permissions Required
References () https://vuldb.com/?id.275773 - () https://vuldb.com/?id.275773 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.397883 - () https://vuldb.com/?submit.397883 - Third Party Advisory, VDB Entry

26 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 17:15

Updated : 2024-08-27 14:32


NVD link : CVE-2024-8174

Mitre link : CVE-2024-8174

CVE.ORG link : CVE-2024-8174


JSON object : View

Products Affected

blood_bank_system_project

  • blood_bank_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')