CVE-2023-1447

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 48.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Medicine Tracker System Medicine Tracker System Project Medicine Tracker System

Timeline

PublishedMar 17

Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input alert('2') leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/medicine_tracker_system1.0

▶NVDmedicine_tracker_system_project/medicine_tracker_system1.0

🔴Vulnerability Details

GHSA

GHSA-6hgj-m62w-qp9h: A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1↗2023-03-17

▶

CVEList

SourceCodester Medicine Tracker System cross site scripting↗2023-03-17

▶