CVE-2024-1024 — Cross-site Scripting in Facebook News Feed Like
CWE-79 — Cross-site ScriptingCWE-787 — Out-of-bounds WriteCWE-822 — Untrusted Pointer DereferenceCWE-20 — Improper Input ValidationCWE-476 — NULL Pointer DereferenceCWE-402 — Resource LeakCWE-770 — Allocation of Resources Without Limits or ThrottlingCWE-401 — Missing Release of Memory after Effective LifetimeCWE-789 — Memory Allocation with Excessive Size ValueCWE-125 — Out-of-bounds ReadCWE-190 — Integer Overflow or WraparoundCWE-400 — Uncontrolled Resource ConsumptionCWE-120 — Classic Buffer OverflowCWE-673 — External Influence of Sphere DefinitionCWE-674 — Uncontrolled Recursion20 documents7 sources
Severity
6.1MEDIUMNVD
CNA3.5
EPSS
0.1%
top 80.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 30
Latest updateNov 19
Description
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert(1) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages2 packages
🔴Vulnerability Details
5💥Exploits & PoCs
1Nuclei▶
Lightdash v0.1024.6 - Server-Side Request Forgery