SourceCodester Testimonial Page Manager 1.0 HTTP POST Request add-testimonial.php name/description/testimony cross site scripting

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. It affects unknown code in the file add-testimonial.php of the component HTTP POST Request Handler. Manipulating the arguments name/description/testimony leads to cross-site scripting, which CWE classifies as CWE-79. The weakness was shared on 02/02/2024 by Michael Blunt and is tracked as CVE-2024-1196.

The attack can be initiated remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The MITRE ATT&CK project assigns this vulnerability to technique T1059.007. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 02/02/2024 08:52 | 02/25/2024 07:56 | 02/25/2024 08:02 |
|---|---|---|---|
| vendor | SourceCodester | SourceCodester | SourceCodester |
| name | Testimonial Page Manager | Testimonial Page Manager | Testimonial Page Manager |
| version | 1.0 | 1.0 | 1.0 |
| component | HTTP POST Request Handler | HTTP POST Request Handler | HTTP POST Request Handler |
| file | add-testimonial.php | add-testimonial.php | add-testimonial.php |
| argument | name/description/testimony | name/description/testimony | name/description/testimony |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rc | R | R | R |
| person_name | Michael Blunt | Michael Blunt | Michael Blunt |
| cve | CVE-2024-1196 | CVE-2024-1196 | CVE-2024-1196 |
| responsible | VulDB | VulDB | VulDB |
| date | 1706828400 (02/02/2024) | 1706828400 (02/02/2024) | 1706828400 (02/02/2024) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.8 | 4.8 | 4.8 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.2 | 4.2 | 4.2 |
| cvss3_meta_basescore | 4.3 | 4.3 | 4.9 |
| cvss3_meta_tempscore | 4.2 | 4.2 | 4.9 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1706828400 (02/02/2024) | 1706828400 (02/02/2024) |
| cve_nvd_summary | | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | C |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | L |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | N |
| cvss3_cna_ui | | | R |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | N |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 5.0 |
| cvss3_nvd_basescore | | | 6.1 |
| cvss3_cna_basescore | | | 4.3 |
