Campcodes Complete Online DJ Booking System 1.0 /admin/user-search.php searchdata cross site scripting

A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was presented 03/20/2024. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2024-2715. The attack may be launched remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as proof-of-concept. The exploit is available at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

139

Field

vulnerability_cvss3_meta_tempscore2
vulnerability_cvss3_cna_basescore1
vulnerability_cvss2_nvd_basescore1
source_cve_cna1
vulnerability_cvss3_cna_a1

Commit Conf

90%29
70%27
50%12
80%7

Approve Conf

80%29
90%29
70%17
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1619942205/02/2024VulD...cvss3_cna_basescore3.5see CVSS documentation05/02/2024accepted
80
1619942105/02/2024VulD...cvss2_nvd_basescore4.0nist.gov05/02/2024accepted
80
1619942005/02/2024VulD...cvss3_meta_tempscore3.3see CVSS documentation05/02/2024accepted
80
1619941905/02/2024VulD...cve_cnaVulDBnvd.nist.gov05/02/2024accepted
70
1619941805/02/2024VulD...cvss3_cna_aNnvd.nist.gov05/02/2024accepted
70
1619941705/02/2024VulD...cvss3_cna_iLnvd.nist.gov05/02/2024accepted
70
1619941605/02/2024VulD...cvss3_cna_cNnvd.nist.gov05/02/2024accepted
70
1619941505/02/2024VulD...cvss3_cna_sUnvd.nist.gov05/02/2024accepted
70
1619941405/02/2024VulD...cvss3_cna_uiRnvd.nist.gov05/02/2024accepted
70
1619941305/02/2024VulD...cvss3_cna_prLnvd.nist.gov05/02/2024accepted
70
1619941205/02/2024VulD...cvss3_cna_acLnvd.nist.gov05/02/2024accepted
70
1619941105/02/2024VulD...cvss3_cna_avNnvd.nist.gov05/02/2024accepted
70
1619941005/02/2024VulD...cvss2_nvd_aiNnvd.nist.gov05/02/2024accepted
70
1619940905/02/2024VulD...cvss2_nvd_iiPnvd.nist.gov05/02/2024accepted
70
1619940805/02/2024VulD...cvss2_nvd_ciNnvd.nist.gov05/02/2024accepted
70
1619940705/02/2024VulD...cvss2_nvd_auSnvd.nist.gov05/02/2024accepted
70
1619940605/02/2024VulD...cvss2_nvd_acLnvd.nist.gov05/02/2024accepted
70
1619940505/02/2024VulD...cvss2_nvd_avNnvd.nist.gov05/02/2024accepted
70
1619940405/02/2024VulD...cve_nvd_summaryA vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468.cve.mitre.org05/02/2024accepted
70
1619940305/02/2024VulD...cve_assigned1710889200 (03/20/2024)cve.mitre.org05/02/2024accepted
70

55 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 55 results.

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!