CVE-2023-3017
LowCVSS 2.4Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 that allows basic cross site scripting attacks through manipulation of the First Name/Middle Name/Last Name arguments on the Manage User Page.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of user data theft or session hijacking.
Recommendation
It is recommended to update the system to the latest version and implement input data filtering to prevent XSS attacks.
Original NVD description (English source)
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.

