CVE Catalog

CVE-2023-3184

LowCVSS 2.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.26%

81th percentile — higher than 81% of all known CVEs

Summary

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0, rated as problematic. Manipulation of the arguments firstname/middlename/lastname/username in the file /classes/Users.php?f=save leads to cross-site scripting attacks.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a risk of session hijacking or data theft. The public disclosure of the exploit increases the likelihood of attacks.

Recommendation

It is recommended to update the system to the latest version or apply appropriate security patches to minimize the risk of an attack.

Original NVD description (English source)

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS