github - ghsa-pw2j-fq2f-334f

ghsa-pw2j-fq2f-334f

Vulnerability from github

Published

2024-09-07 15:30

Modified

2024-09-07 15:30

Severity

3.5 (Low) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Details

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T14:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-pw2j-fq2f-334f",
  "modified": "2024-09-07T15:30:30Z",
  "published": "2024-09-07T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic\u0027s-Patient-Management-System-Reflected-XSS.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276773"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276773"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.402384"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8554

Vulnerability from cvelistv5

Published

2024-09-07 13:31

Modified

2024-09-09 14:07

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Summary

SourceCodester Clinics Patient Management System users.php cross site scripting

References

URL	Tags
https://vuldb.com/?id.276773	vdb-entry, technical-description
https://vuldb.com/?ctiid.276773	signature, permissions-required
https://vuldb.com/?submit.402384	third-party-advisory
https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md	exploit
https://www.sourcecodester.com/	product

Impacted products

Vendor	Product
SourceCodester	Clinics Patient Management System

Show details on NVD website