CVE-2023-3986 — Cross-site Scripting in Simple Online Mens Salon Management System

CWE-79 — Cross-site Scripting CWE-22 — Path Traversal4 documents4 sources

Severity

4.8MEDIUMNVD

CNA2.4

EPSS

0.1%

top 79.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple Online Mens Salon Management System Oretnom23 Simple Online MEN S Salon Management System

Timeline

PublishedJul 28

Latest updateDec 21

Description

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sourcecodester/simple_online_mens_salon_management_system1.0

▶NVDoretnom23/simple_online_men_s_salon_management_system1.0

🔴Vulnerability Details

GHSA

Potential URI resolution path traversal in the AWS SDK for PHP↗2023-12-21

▶

GHSA

GHSA-3x6j-5vp7-5926: A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1↗2023-07-28

▶

CVEList

SourceCodester Simple Online Mens Salon Management System cross site scripting↗2023-07-28

▶