CVE-2024-9952

🗓️ 15 Oct 2024 02:00:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Vulnerability in SourceCodester Online Eyewear Shop 1.0 allows remote attackers to initiate cross-site scripting via manipulated Address parameter in /admin/?page=system_info/contact_info

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-9952	15 Oct 202405:13	–	circl
CNNVD	SourceCodester Online Eyewear Shop 跨站脚本漏洞	15 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-9952 SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting	15 Oct 202402:00	–	cvelist
EUVD	EUVD-2024-50234	3 Oct 202520:07	–	euvd
NVD	CVE-2024-9952	15 Oct 202402:15	–	nvd
Positive Technologies	PT-2024-39963 · Sourcecodester · Sourcecodester Online Eyewear Shop	14 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-9952	23 May 202508:15	–	redhatcve
Vulnrichment	CVE-2024-9952 SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting	15 Oct 202402:00	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

oretnom23 online_eyewear_shopMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Online Eyewear Shop",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Contact Information Page"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
gist	www.gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d
sourcecodester	www.sourcecodester.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
Address	query param	admin/?page=system_info/contact_info	Cross-site scripting via Address parameter on Contact Information Page (admin).	CWE-79

16 Oct 2024 15:05Current

3.8Low risk

Vulners AI Score3.8

CVSS 3.12.4 - 4.8

CVSS 23.3

CVSS 45.1

CVSS 32.4

EPSS0.00211

SSVC

CWE-79