CVE-2024-8366 | code-projects Pharmacy Management System 1.0 Update My Profile Page index.php fname/lname/email cross site scripting

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-8366. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-8366 | code-projects Pharmacy Management System 1.0 Update My Profile Page index.php fname/lname/email cross site scripting

Related Posts

CVE-2023-4224 | Chamilo LMS up to 1.11.24 dropbox.ajax.php unrestricted upload

CVE-2024-2905 | rpm-ostree /etc/shadow default permission

CVE-2024-6160 | Jan Syski MegaBIP up to 5.12.1 sql injection

CVE-2024-1064 | Arcadia Technology Crafty Controller up to 4.2.2 HTTP Host http headers for scripting syntax (Issue 327)