CVE-2024-5385

🗓️ 27 May 2024 00:00:04Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 28 Views🌐 WEB

A remote code execution vulnerability found in oretnom23 Online Car Wash Booking System 1.0 allows for cross site scripting through the First Name/Last Name field, leading to potential remote attacks

Reporter	Title	Published	Views	Family All 8
CNNVD	Online Car Wash Booking System 跨站脚本漏洞	26 May 202400:00	–	cnnvd
Cvelist	CVE-2024-5385 oretnom23 Online Car Wash Booking System cross site scripting	27 May 202400:00	–	cvelist
EUVD	EUVD-2024-46610	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5385	27 May 202400:15	–	nvd
OSV	CVE-2024-5385	27 May 202400:15	–	osv
Positive Technologies	PT-2024-35951 · Unknown · Oretnom23 Online Car Wash Booking System	27 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-5385	23 May 202509:06	–	redhatcve
Vulnrichment	CVE-2024-5385 oretnom23 Online Car Wash Booking System cross site scripting	27 May 202400:00	–	vulnrichment

NVD

Vulners

Node

oretnom23 online_car_wash_booking_systemMatch1.0

[
  {
    "vendor": "oretnom23",
    "product": "Online Car Wash Booking System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
First Name	query param	admin/?page=user/list	Cross-site scripting via First Name/Last Name parameters on admin list page (CWE-79).	CWE-79
Last Name	query param	admin/?page=user/list	Cross-site scripting via First Name/Last Name parameters on admin list page (CWE-79).	CWE-79

30 Jul 2025 16:00Current

3.4Low risk

Vulners AI Score3.4

CVSS 3.12.4 - 4.1

CVSS 23.3

CVSS 45.1

CVSS 32.4

EPSS0.0006

SSVC

CWE-79