5.4
CVE-2023-2826
- EPSS 0.65%
- Veröffentlicht 21.05.2023 08:15:08
- Zuletzt bearbeitet 30.09.2025 14:23:21
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginSourceCodester Class Scheduling System POST Parameter search_teacher_result.php cross site scripting
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Class Scheduling System Project ≫ Class Scheduling System Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.462 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/joicygiore/ApplyForCVE/blob/main/XSS.md
https://vuldb.com/?ctiid.229612
https://vuldb.com/?id.229612