CVE-2023-26773 — Cross-site Scripting in Tracker Management System Project Sales Tracker Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 53.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sales Tracker Management System Project Sales Tracker Management System

Timeline

PublishedApr 10

Description

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsales_tracker_management_system_project/sales_tracker_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2023-26773: Cross Site Scripting vulnerability found in Sales Tracker Management System v↗2023-04-10

▶

GHSA

GHSA-fgm4-rp4m-mcwr: Cross Site Scripting vulnerability found in Sales Tracker Management System v↗2023-04-10

▶