CVE-2024-37859 — Cross-site Scripting in Lost AND Found Information System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 66.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Lost AND Found Information System

Timeline

PublishedJul 29

Description

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDoretnom23/lost_and_found_information_system1.0

🔴Vulnerability Details

CVEList

CVE-2024-37859: Cross Site Scripting vulnerability in Lost and Found Information System 1↗2024-07-29

▶

GHSA

GHSA-r554-57hr-wpgv: Cross Site Scripting vulnerability in Lost and Found Information System 1↗2024-07-29

▶