CVE-2024-31648 — Code Injection in Insurance Management System

CWE-94 — Code Injection CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 69.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Munyweki Insurance Management System

Timeline

PublishedApr 15

Description

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmunyweki/insurance_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2024-31648: Cross Site Scripting (XSS) in Insurance Management System v1↗2024-04-15

▶

GHSA

GHSA-mpx9-g5j9-p825: Cross Site Scripting (XSS) in Insurance Management System v1↗2024-04-15

▶