CVE-2024-12001 | code-projects Wazifa System 1.0 Setting updatesettings.php firstname cross site scripting

Inserito da Angelo Barbosa | Nov 29, 2024 | CVE

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting.

This vulnerability is traded as CVE-2024-12001. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Other parameters might be affected as well.

CVE-2024-12001 | code-projects Wazifa System 1.0 Setting updatesettings.php firstname cross site scripting

Post correlati

CVE-2024-43813 | Mattermost up to 9.5.7/9.10.0/9.11.0 access control

CVE-2024-44253 | Apple macOS up to 13.6/14.6 access control

CVE-2024-21689 | Atlassian Bamboo Data Center/Bamboo Server Privilege Escalation

CVE-2024-7206 | eWeLink Zigbee Bridge Pro up to 2.0.0 TLS certificate validation