Lucene search
INCIBECVE-2024-8473HistorySep 05, 2024 - 1:15 p.m.
CVE-2024-8473
2024-09-0513:15:15
CWE-79
INCIBE
web.nvd.nist.gov
25
cve-2024-8473
sql injection
cross-site scripting
job portal
user email
session details
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user throughΒ user_email parameter in /jobportal/admin/login.php.
Affected configurations
Node
phpgurukuljob_portalMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpgurukul | job_portal | 1.0 | cpe:2.3:a:phpgurukul:job_portal:1.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Job Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
]Related
cvelist
cvelist
CVE-2024-8473 SQL injection vulnerability in Job Portal
2024-09-05 13:08:31
vulnrichment
vulnrichment
CVE-2024-8473 SQL injection vulnerability in Job Portal
2024-09-05 13:08:31
nvd
nvd
CVE-2024-8473
2024-09-05 13:15:15
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Related for CVE-2024-8473