CVE-2024-1825

A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input <img src="1" onerror="console.log(1)"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.qq.com/doc/DYndSY3V4UXh4dHFC	Permissions Required
https://docs.qq.com/doc/DYndSY3V4UXh4dHFC	Permissions Required
https://vuldb.com/?ctiid.254613	Permissions Required
https://vuldb.com/?ctiid.254613	Permissions Required
https://vuldb.com/?id.254613	Third Party Advisory
https://vuldb.com/?id.254613	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:house_rental_management_system:1.0:*:*:*:*:*:*:*

History

06 Dec 2024, 14:39

Type	Values Removed	Values Added
CPE		cpe:2.3:a:codeastro:house_rental_management_system:1.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
First Time		Codeastro house Rental Management System Codeastro
CWE	~~CWE-79~~
References	~~() https://docs.qq.com/doc/DYndSY3V4UXh4dHFC -~~	() https://docs.qq.com/doc/DYndSY3V4UXh4dHFC - Permissions Required
References	~~() https://vuldb.com/?ctiid.254613 -~~	() https://vuldb.com/?ctiid.254613 - Permissions Required
References	~~() https://vuldb.com/?id.254613 -~~	() https://vuldb.com/?id.254613 - Third Party Advisory

23 Feb 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-23 17:15

Updated : 2024-12-06 14:39

NVD link : CVE-2024-1825

Mitre link : CVE-2024-1825

JSON object : View

Products Affected

codeastro

house_rental_management_system

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.qq.com/doc/DYndSY3V4UXh4dHFC", "name": "https://docs.qq.com/doc/DYndSY3V4UXh4dHFC", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://docs.qq.com/doc/DYndSY3V4UXh4dHFC", "name": "https://docs.qq.com/doc/DYndSY3V4UXh4dHFC", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254613", "name": "VDB-254613 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254613", "name": "VDB-254613 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254613", "name": "VDB-254613 | CodeAstro House Rental Management System User Registration Page cross site scripting", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?id.254613", "name": "VDB-254613 | CodeAstro House Rental Management System User Registration Page cross site scripting", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input <img src=\"1\" onerror=\"console.log(1)\"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-1825", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2024-02-23T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:codeastro:house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-06T14:39Z"}