CVE Catalog

CVE-2023-3659

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the firstname/middlename arguments in the file admin/?page=user/manage_user.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent XSS attacks.

Original NVD description (English source)

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS