CVE-2023-1395 — Cross-site Scripting in Yoga Class Registration System

CWE-79 — Cross-site Scripting CWE-1395 — Dependency on Vulnerable Third-Party Component CWE-190 — Integer Overflow or Wraparound6 documents5 sources

Severity

6.1MEDIUMNVD

CNA3.5GHSA9.8

EPSS

0.3%

top 51.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Yoga Class Registration System Yoga Class Registration System Project Yoga Class Registration System

Timeline

PublishedMar 14

Latest updateOct 22

Description

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sourcecodester/yoga_class_registration_system1.0

▶NVDyoga_class_registration_system_project/yoga_class_registration_system1.0

🔴Vulnerability Details

GHSA

curl_cffi bundles a version of libcurl affected by High Severity vulnerability↗2024-10-22

▶

GHSA

Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib↗2024-07-16

▶

GHSA

GHSA-4j45-535p-3gx8: A vulnerability was found in SourceCodester Yoga Class Registration System 1↗2023-03-14

▶

CVEList

SourceCodester Yoga Class Registration System list.php query cross site scripting↗2023-03-14

▶

📋Vendor Advisories

Microsoft

Azure SDK Spoofing Vulnerability↗2024-03-12

▶