CVE-2024-7945
Description
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CWE
- CWE-79 — CWE-79 Cross Site Scripting
Affected
- itsourcecode / Laravel Property Management System — v=1.0 [affected]
CVSS
- 4.0 score=5.3 severity=MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N - 3.1 score=3.5 severity=LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - 3.0 score=3.5 severity=LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - 2.0 score=4 severity=
AV:N/AC:L/Au:S/C:N/I:P/A:N
References
- https://vuldb.com/?id.275137 vdb-entry, technical-description
- https://vuldb.com/?ctiid.275137 signature, permissions-required
- https://vuldb.com/?submit.393373 third-party-advisory
- https://github.com/DeepMountains/zzz/blob/main/CVE2-3.md exploit
Source
cvelistV5-main/cves/2024/7xxx/CVE-2024-7945.json