CVE Catalog

CVE-2023-3017

LowCVSS 2.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 that allows basic cross site scripting attacks through manipulation of the First Name/Middle Name/Last Name arguments on the Manage User Page.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a risk of user data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent XSS attacks.

Original NVD description (English source)

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS