A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.227675 | Permissions Required VDB Entry |
| https://vuldb.com/?ctiid.227675 | Permissions Required VDB Entry |
| https://github.com/sunyucheng0405/bug_report/blob/main/XSS-1.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 May 2023, 18:34
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Simple Mobile Comparison Website Project
Simple Mobile Comparison Website Project simple Mobile Comparison Website |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
| CPE | cpe:2.3:a:simple_mobile_comparison_website_project:simple_mobile_comparison_website:1.0:*:*:*:*:*:*:* | |
| References | (MISC) https://vuldb.com/?ctiid.227675 - Permissions Required, VDB Entry | |
| References | (MISC) https://vuldb.com/?id.227675 - Permissions Required, VDB Entry | |
| References | (MISC) https://github.com/sunyucheng0405/bug_report/blob/main/XSS-1.md - Exploit, Third Party Advisory |
28 Apr 2023, 22:22
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-28 22:15
Updated : 2024-05-17 02:22
NVD link : CVE-2023-2397
Mitre link : CVE-2023-2397
JSON object : View
Products Affected
simple_mobile_comparison_website_project
- simple_mobile_comparison_website
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')