CVE-2023-3005
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk45th percentile — higher than 45% of all known CVEs
Summary
A vulnerability was found in SourceCodester Local Service Search Engine Management System version 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the POST parameter in the /admin/ajax.php file. Inputting a malicious script like <script>alert(document.cookie)</script> can lead to unauthorized access to user data.
Risk Assessment
This vulnerability poses a risk of remote attacks, potentially leading to the theft of user session data and other sensitive information. The public disclosure of the exploit increases the likelihood of it being used by cybercriminals.
Recommendation
It is recommended to immediately update the system to the latest version that addresses this vulnerability. Additionally, implementing security measures against XSS attacks, such as input validation and sanitization, is advisable.
Original NVD description (English source)
A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230349 was assigned to this vulnerability.

