CVE-2024-3365 - OpenCVE

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259469 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md
https://vuldb.com/?ctiid.259469
https://vuldb.com/?id.259469
https://vuldb.com/?submit.310432

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-04-06T09:31:05.024Z

Updated: 2024-08-01T20:05:08.508Z

Reserved: 2024-04-05T06:02:11.056Z

Link: CVE-2024-3365

Vulnrichment

Updated: 2024-08-01T20:05:08.508Z

NVD

Status : Awaiting Analysis

Published: 2024-04-06T10:15:07.763

Modified: 2024-05-17T02:39:53.000

Link: CVE-2024-3365

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3365", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-04-05T06:02:11.056Z", "datePublished": "2024-04-06T09:31:05.024Z", "dateUpdated": "2024-08-01T20:05:08.508Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-06T09:31:05.024Z"}, "title": "SourceCodester Online Library System controller.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "SourceCodester", "product": "Online Library System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259469 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in SourceCodester Online Library System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin/users/controller.php. Dank Manipulation des Arguments user_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-04-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-04-05T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-05T08:07:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "liuann (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.259469", "name": "VDB-259469 | SourceCodester Online Library System controller.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.259469", "name": "VDB-259469 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.310432", "name": "Submit #310432 | https://www.sourcecodester.com/ Online Library System 1.0 Stored XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "online_library_system_project", "product": "online_library_system", "cpes": ["cpe:2.3:a:online_library_system_project:online_library_system:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T17:55:30.049122Z", "id": "CVE-2024-3365", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:47:50.361Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.508Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.259469", "name": "VDB-259469 | SourceCodester Online Library System controller.php cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.259469", "name": "VDB-259469 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.310432", "name": "Submit #310432 | https://www.sourcecodester.com/ Online Library System 1.0 Stored XSS", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.259469", "name": "VDB-259469 | SourceCodester Online Library System controller.php cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.259469", "name": "VDB-259469 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.310432", "name": "Submit #310432 | https://www.sourcecodester.com/ Online Library System 1.0 Stored XSS", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.508Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3365", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T17:55:30.049122Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:online_library_system_project:online_library_system:1.0:*:*:*:*:*:*:*"], "vendor": "online_library_system_project", "product": "online_library_system", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T18:21:13.102Z"}}], "cna": {"title": "SourceCodester Online Library System controller.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "liuann (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "SourceCodester", "product": "Online Library System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-04-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-04-05T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-05T08:07:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.259469", "name": "VDB-259469 | SourceCodester Online Library System controller.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.259469", "name": "VDB-259469 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.310432", "name": "Submit #310432 | https://www.sourcecodester.com/ Online Library System 1.0 Stored XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259469 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in SourceCodester Online Library System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin/users/controller.php. Dank Manipulation des Arguments user_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-06T09:31:05.024Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3365", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:08.508Z", "dateReserved": "2024-04-05T06:02:11.056Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-04-06T09:31:05.024Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259469 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Online Library System 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo admin/users/controller.php. La manipulaci\u00f3n del argumento nombre_usuario conduce a cross-site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259469."}], "id": "CVE-2024-3365", "lastModified": "2024-05-17T02:39:53.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-04-06T10:15:07.763", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-07.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.259469"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.259469"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.310432"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}