CVE-2024-2063

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.8MEDIUM
EPSS
0.1%
top 81.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Petrol Pump Management SoftwareMayurik Petrol Pump Management
Timeline
PublishedMar 1
Latest updateMar 13

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-chvr-j3r5-wwfm: A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 12024-03-01
CVEList
SourceCodester Petrol Pump Management Software profile_crud.php cross site scripting2024-03-01

🕵️Threat Intelligence

2
Talos
Miniaudio and Adobe Acrobat Reader vulnerabilities2025-03-13
Talos
Miniaudio and Adobe Acrobat Reader vulnerabilities2025-03-13
CVE-2024-2063 (MEDIUM CVSS 4.8) | A vulnerability | cvebase.io