CVE Catalog

CVE-2023-3144

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile — higher than 46% of all known CVEs

Summary

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'title' argument in the admin/posts/manage_post.php file. The attack can be launched remotely.

Risk Assessment

This vulnerability poses a risk to organizations as it allows remote attackers to inject malicious code into the application, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of the software and implement input filtering and validation to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS