CVE-2024-3443
Published 2024-04-08
Priority P429 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.55% (41.8th percentile)
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fast5 | prison_management_system | — | — |
| linux | linux_kernel | >= 0 < 6.1.119-1 | 6.1.119-1 |
| linux | linux_kernel | >= 0 < 6.11.7-1 | 6.11.7-1 |
| sourcecodester | prison_management_system | — | — |
CVSS provenance
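| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |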
OSV
CVE-2024-50228
osv · 2024-11-09
In the Linux kernel, the following vulnerability has been resolved:
mm: shmem: fix data-race in shmem_getattr()
I got the following KCSAN report during syzbot testing:
BUG: KCSAN: data-race in generic_fillattr / inode_set_ctime_current
write to 0xffff888102eb3260 of 4 bytes by task 6565 on cpu 1:
inode_set_ctime_to_ts include/linux/fs.h:1638 [inline]
inode_set_ctime_current+0x169/0x1d0 fs/inode.c:2626
shmem_mknod+0x117/0x180 mm/shmem.c:3443
shmem_create+0x34/0x40 mm/shmem.c:3497
lookup_open fs/namei.c:3578 [inline]
open_last_lookups fs/namei.c:3647 [inline]
path_openat+0xdbc/0x1f00 fs/namei.c:3883
do_filp_open+0xf7/0x200 fs/namei.c:3913
do_sys_openat2+0xab/0x120 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [in
GHSA
GHSA-frjv-mxj9-42h2
ghsa_unreviewed · 2024-04-08
CVE-2024-3443 [MEDIUM] CWE-79
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/zyairelai/CVE-submissions/blob/main/prison-xss.md
https://vuldb.com/?ctiid.259696
https://vuldb.com/?id.259696
https://vuldb.com/?submit.312285