Search criteria
6 vulnerabilities found for Interactive Map with Marker by SourceCodester
CVE-2024-8151 (GCVE-0-2024-8151)
Vulnerability from cvelistv5 – Published: 2024-08-25 22:00 – Updated: 2024-08-26 15:34
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
jadu101 (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:interactive_map_with_marker:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "interactive_map_with_marker",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8151",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T14:02:00.583205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:34:28.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jadu101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Interactive Map with Marker 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /endpoint/delete-mark.php. Mit der Manipulation des Arguments mark mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-25T22:00:06.910Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275739 | SourceCodester Interactive Map with Marker delete-mark.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275739"
},
{
"name": "VDB-275739 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275739"
},
{
"name": "Submit #397570 | SourceCodester Interactive Map with Marker 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.397570"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/jadu101/CVE/blob/main/SourceCodester_Interactive_Map_With_Marker_delete_mark_XSS.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-25T08:13:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker delete-mark.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8151",
"datePublished": "2024-08-25T22:00:06.910Z",
"dateReserved": "2024-08-25T06:08:04.922Z",
"dateUpdated": "2024-08-26T15:34:28.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4968 (GCVE-0-2024-4968)
Vulnerability from cvelistv5 – Published: 2024-05-16 08:31 – Updated: 2024-08-01 20:55
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264536.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:interactive_map_with_marker:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "interactive_map_with_marker",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4968",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T18:33:16.193950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:16.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264536 | SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.264536"
},
{
"name": "VDB-264536 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264536"
},
{
"name": "Submit #335191 | SourceCodester Interactive Map App 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.335191"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20Cross-Site-Scripting.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Marker"
],
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264536."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in SourceCodester Interactive Map with Marker 1.0 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei Marker Name der Komponente Add Marker. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T08:31:05.608Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264536 | SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.264536"
},
{
"name": "VDB-264536 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264536"
},
{
"name": "Submit #335191 | SourceCodester Interactive Map App 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.335191"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20Cross-Site-Scripting.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-15T21:30:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4968",
"datePublished": "2024-05-16T08:31:05.608Z",
"dateReserved": "2024-05-15T19:25:08.625Z",
"dateUpdated": "2024-08-01T20:55:10.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4967 (GCVE-0-2024-4967)
Vulnerability from cvelistv5 – Published: 2024-05-16 08:31 – Updated: 2024-08-01 20:55
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T14:54:19.355207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:45.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264535 | SourceCodester Interactive Map with Marker delete-mark.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.264535"
},
{
"name": "VDB-264535 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264535"
},
{
"name": "Submit #335190 | SourceCodester Interactive Map App 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.335190"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20SQL%20Injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535."
},
{
"lang": "de",
"value": "In SourceCodester Interactive Map with Marker 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /endpoint/delete-mark.php. Durch das Manipulieren des Arguments mark mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T08:31:04.218Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264535 | SourceCodester Interactive Map with Marker delete-mark.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.264535"
},
{
"name": "VDB-264535 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264535"
},
{
"name": "Submit #335190 | SourceCodester Interactive Map App 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.335190"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20SQL%20Injection.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-15T21:30:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker delete-mark.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4967",
"datePublished": "2024-05-16T08:31:04.218Z",
"dateReserved": "2024-05-15T19:25:06.708Z",
"dateUpdated": "2024-08-01T20:55:10.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8151 (GCVE-0-2024-8151)
Vulnerability from nvd – Published: 2024-08-25 22:00 – Updated: 2024-08-26 15:34
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
jadu101 (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:interactive_map_with_marker:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "interactive_map_with_marker",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8151",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T14:02:00.583205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:34:28.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jadu101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Interactive Map with Marker 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /endpoint/delete-mark.php. Mit der Manipulation des Arguments mark mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-25T22:00:06.910Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275739 | SourceCodester Interactive Map with Marker delete-mark.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275739"
},
{
"name": "VDB-275739 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275739"
},
{
"name": "Submit #397570 | SourceCodester Interactive Map with Marker 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.397570"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/jadu101/CVE/blob/main/SourceCodester_Interactive_Map_With_Marker_delete_mark_XSS.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-25T08:13:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker delete-mark.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8151",
"datePublished": "2024-08-25T22:00:06.910Z",
"dateReserved": "2024-08-25T06:08:04.922Z",
"dateUpdated": "2024-08-26T15:34:28.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4968 (GCVE-0-2024-4968)
Vulnerability from nvd – Published: 2024-05-16 08:31 – Updated: 2024-08-01 20:55
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264536.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:interactive_map_with_marker:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "interactive_map_with_marker",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4968",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T18:33:16.193950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:16.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264536 | SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.264536"
},
{
"name": "VDB-264536 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264536"
},
{
"name": "Submit #335191 | SourceCodester Interactive Map App 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.335191"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20Cross-Site-Scripting.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Marker"
],
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264536."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in SourceCodester Interactive Map with Marker 1.0 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei Marker Name der Komponente Add Marker. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T08:31:05.608Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264536 | SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.264536"
},
{
"name": "VDB-264536 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264536"
},
{
"name": "Submit #335191 | SourceCodester Interactive Map App 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.335191"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20Cross-Site-Scripting.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-15T21:30:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker Add Marker Marker Name cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4968",
"datePublished": "2024-05-16T08:31:05.608Z",
"dateReserved": "2024-05-15T19:25:08.625Z",
"dateUpdated": "2024-08-01T20:55:10.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4967 (GCVE-0-2024-4967)
Vulnerability from nvd – Published: 2024-05-16 08:31 – Updated: 2024-08-01 20:55
VLAI?
Summary
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Interactive Map with Marker |
Affected:
1.0
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T14:54:19.355207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:45.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264535 | SourceCodester Interactive Map with Marker delete-mark.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.264535"
},
{
"name": "VDB-264535 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264535"
},
{
"name": "Submit #335190 | SourceCodester Interactive Map App 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.335190"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20SQL%20Injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Interactive Map with Marker",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535."
},
{
"lang": "de",
"value": "In SourceCodester Interactive Map with Marker 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /endpoint/delete-mark.php. Durch das Manipulieren des Arguments mark mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T08:31:04.218Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264535 | SourceCodester Interactive Map with Marker delete-mark.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.264535"
},
{
"name": "VDB-264535 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264535"
},
{
"name": "Submit #335190 | SourceCodester Interactive Map App 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.335190"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20SQL%20Injection.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-15T21:30:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Interactive Map with Marker delete-mark.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4967",
"datePublished": "2024-05-16T08:31:04.218Z",
"dateReserved": "2024-05-15T19:25:06.708Z",
"dateUpdated": "2024-08-01T20:55:10.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}