CVE-2023-6767 - OpenCVE

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Remyandrade	Wedding Guest E-book

Configuration 1 [-]

cpe:2.3:a:remyandrade:wedding_guest_e-book:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?ctiid.247899
https://vuldb.com/?id.247899

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-13T18:00:05.248Z

Updated: 2024-08-02T08:42:07.460Z

Reserved: 2023-12-13T09:33:17.067Z

Link: CVE-2023-6767

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-13T18:15:45.107

Modified: 2024-05-17T02:33:54.403

Link: CVE-2023-6767

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6767", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-12-13T09:33:17.067Z", "datePublished": "2023-12-13T18:00:05.248Z", "dateUpdated": "2024-08-02T08:42:07.460Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-12-13T18:00:05.248Z"}, "title": "SourceCodester Wedding Guest e-Book add-guest.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "SourceCodester", "product": "Wedding Guest e-Book", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in SourceCodester Wedding Guest e-Book 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /endpoint/add-guest.php. Durch die Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-12-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-12-13T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-12-13T10:38:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Michael Blunt", "type": "finder"}, {"lang": "en", "value": "mikel22 (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.247899", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.247899", "tags": ["signature", "permissions-required"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:07.460Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.247899", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.247899", "tags": ["signature", "permissions-required", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:remyandrade:wedding_guest_e-book:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "430DCA34-AD00-48C5-B786-F9EA8A981FBC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en SourceCodester Wedding Guest e-Book 1.0 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /endpoint/add-guest.php. La manipulaci\u00f3n del nombre del argumento conduce a cross-site scripting. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-247899."}], "id": "CVE-2023-6767", "lastModified": "2024-05-17T02:33:54.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-12-13T18:15:45.107", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.247899"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.247899"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}