SourceCodester Testimonial Page Manager 1.0 HTTP POST Request add-testimonial.php name/description/testimony cross-site scripting
A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. It affects unknown code in the file add-testimonial.php of the component HTTP POST Request Handler. Manipulating the argument name/description/testimony leads to cross-site scripting. The weakness is classified as CWE-79. It was shared on 02/02/2024 by Michael Blunt and is tracked as CVE-2024-1196. The attack can be initiated remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The MITRE ATT&CK project assigns this vulnerability to T1059.007. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.