Vulnerability Details : CVE-2023-3017
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2023-3017
- cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3017
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3017
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:N/AC:L/Au:M/C:N/I:P/A:N |
6.4
|
2.9
|
VulDB | |
2.4
|
LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N |
0.9
|
1.4
|
VulDB | |
2.4
|
LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N |
0.9
|
1.4
|
VulDB | 2024-02-29 |
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
CWE ids for CVE-2023-3017
-
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-3017
-
https://vuldb.com/?id.230361
CVE-2023-3017: SourceCodester Lost and Found Information System Manage User Page cross site scriptingThird Party Advisory
-
https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0
Lost and Found Information System v1.0 — HTML Injection — CVE-2023–3017 | by Akash Pandey | May, 2023 | MediumExploit
-
https://vuldb.com/?ctiid.230361
Third Party Advisory
Jump to