← Back

CVE-2024-9089

nvd nist
Published: Sep 23, 2024Modified: Sep 27, 2024

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Mayurik
1 product
Modern Loan Management System
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Modern Loan Management System
Version 1.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (5)

Source: cna@vuldb.com
Permissions RequiredThird Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
ExploitThird Party Advisory
Source: cna@vuldb.com
Product

Timeline

No history available yet.