CVE-2024-7684

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7684
A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://vuldb.com/?id.274141 Third Party Advisory
https://vuldb.com/?ctiid.274141 Permissions Required
https://vuldb.com/?submit.389163 Third Party Advisory
https://github.com/samwbs/kortexcve/blob/main/xss_add_act/XSS_add_act.md Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:advocate_office_management_system:1.0:*:*:*:*:*:*:*
History

20 Aug 2024, 13:53

Type Values Removed Values Added
CPE cpe:2.3:a:mayurik:advocate_office_management_system:1.0:*:*:*:*:*:*:*
First Time Mayurik
Mayurik advocate Office Management System
References () https://vuldb.com/?submit.389163 - () https://vuldb.com/?submit.389163 - Third Party Advisory
References () https://vuldb.com/?ctiid.274141 - () https://vuldb.com/?ctiid.274141 - Permissions Required
References () https://github.com/samwbs/kortexcve/blob/main/xss_add_act/XSS_add_act.md - () https://github.com/samwbs/kortexcve/blob/main/xss_add_act/XSS_add_act.md - Exploit
References () https://vuldb.com/?id.274141 - () https://vuldb.com/?id.274141 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-12 13:38

Updated : 2024-08-20 13:53

NVD link : CVE-2024-7684

Mitre link : CVE-2024-7684

JSON object : View

Products Affected

mayurik

  • advocate_office_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')