CVE-2024-6650 — Cross-site Scripting in Employee AND Visitor Gate Pass Logging System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 74.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Employee AND Visitor Gate Pass Logging System Oretnom23 Employee AND Visitor Gate Pass Logging System

Timeline

PublishedJul 10

Latest updateJul 11

Description

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/employee_and_visitor_gate_pass_logging_system1.0

▶NVDoretnom23/employee_and_visitor_gate_pass_logging_system1.0

🔴Vulnerability Details

GHSA

GHSA-vq4m-75qf-c48w: A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1↗2024-07-11

▶

CVEList

SourceCodester Employee and Visitor Gate Pass Logging System Master.php save_designation cross site scripting↗2024-07-10

▶