CVE-2024-7916 | nafisulbari/itsourcecode Insurance Management System 1.0 Add Nominee Page addNominee.php Nominee-Client ID cross site scripting

A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting.

This vulnerability is known as CVE-2024-7916. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7916 | nafisulbari/itsourcecode Insurance Management System 1.0 Add Nominee Page addNominee.php Nominee-Client ID cross site scripting

Post correlati

CVE-2024-7987 | Rockwell ThinManager ThinServer Local Privilege Escalation (ZDI-24-1157)

CVE-2024-37288 | Elastic Kibana 8.15.0 YAML Parser deserialization

CVE-2024-3609 | ReviewX Plugin up to 1.6.27 on WordPress authorization

CVE-2024-50203 | Linux Kernel up to 6.11.5 bpf emit_a64_mov_i64 heap-based overflow (7db1a2121f3c/a552e2ef5fd1)