CVE-2023-1688

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 49.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Earnings AND Expense Tracker APP Oretnom23 Earnings AND Expense Tracker Application

Timeline

PublishedMar 29

Description

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-224307.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/earnings_and_expense_tracker_app1.0

▶NVDoretnom23/earnings_and_expense_tracker_application1.0

🔴Vulnerability Details

GHSA

GHSA-vmw8-9495-f948: A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1↗2023-03-29

▶

CVEList

SourceCodester Earnings and Expense Tracker App cross site scripting↗2023-03-29

▶