Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-3184

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.8MEDIUM

EPSS

1.2%

top 21.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Sales Tracker Management System Sales Tracker Management System Project Sales Tracker Management System

Timeline

PublishedJun 9

Latest updateJun 13

Description

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/sales_tracker_management_system1.0

▶NVDsales_tracker_management_system_project/sales_tracker_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Sales Tracker Management System cross site scripting↗2023-06-09

▶

GHSA

GHSA-35qx-pprw-fwph: A vulnerability was found in SourceCodester Sales Tracker Management System 1↗2023-06-09

▶

💥Exploits & PoCs

Exploit-DB

Sales Tracker Management System v1.0 - Multiple Vulnerabilities↗2023-06-13

▶