CVE-2024-0782

🗓️ 22 Jan 2024 16:31:03Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 26 Views🌐 WEB

A critical cross site scripting vulnerability in CodeAstro Online Railway Reservation System 1.0 allows remote attackers to execute malicious scripts

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-0782	22 Jan 202418:21	–	circl
CNNVD	Online Railway Reservation System Cross-Site Scripting Vulnerability	22 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-0782 CodeAstro Online Railway Reservation System pass-profile.php cross site scripting	22 Jan 202416:31	–	cvelist
EUVD	EUVD-2024-16570	3 Oct 202520:07	–	euvd
NVD	CVE-2024-0782	22 Jan 202417:15	–	nvd
Prion	Cross site scripting	22 Jan 202417:15	–	prion
Positive Technologies	PT-2024-15815 · Unknown · Codeastro Online Railway Reservation System	22 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0782	23 May 202507:26	–	redhatcve
Vulnrichment	CVE-2024-0782 CodeAstro Online Railway Reservation System pass-profile.php cross site scripting	22 Jan 202416:31	–	vulnrichment

NVD

Vulners

Node

online_railway_reservation_system_project online_railway_reservation_systemMatch1.0

[
  {
    "vendor": "CodeAstro",
    "product": "Online Railway Reservation System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
drive	www.drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
First Name	request body	pass-profile.php	Cross-site scripting via manipulated user profile fields in pass-profile.php.	CWE-79
Last Name	request body	pass-profile.php	Cross-site scripting via manipulated user profile fields in pass-profile.php.	CWE-79
User Name	request body	pass-profile.php	Cross-site scripting via manipulated user profile fields in pass-profile.php.	CWE-79

21 Nov 2024 08:47Current

6Medium risk

Vulners AI Score6

CVSS 3.13.5 - 6.1

CVSS 24

CVSS 33.5

EPSS0.00288

SSVC

CWE-79