CVE-2024-1010

CWE-79 — Cross-site Scripting (XSS)CWE-476 — NULL Pointer Dereference CWE-13417 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 58.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Employee Management System Employee Management System Project Employee Management System

Timeline

PublishedJan 29

Latest updateOct 21

Description

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/employee_management_system1.0

▶NVDemployee_management_system_project/employee_management_system1.0

🔴Vulnerability Details

Kernel

Merge branch 'tap-tun-harden-by-dropping-short-frame'↗2024-07-25

▶

GHSA

GHSA-c822-34mg-g7p6: A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1↗2024-01-29

▶

CVEList

SourceCodester Employee Management System edit-profile.php cross site scripting↗2024-01-29

▶

📋Vendor Advisories

Red Hat

kernel: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer↗2024-10-21

▶