CVE-2024-2075

Published: Mar 1, 2024Modified: Mar 5, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.

Affected (1)

Products: Remyandrade: Daily Habit Tracker

1 product

Daily Habit Tracker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Remyandrade Daily Habit Tracker	Version 1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.255391

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.255391

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.255391

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.255391

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

Timeline

No history available yet.