CVE-2024-24041

2024-02-0100:00:00

mitre

www.cve.org

xss

travel journal

php

mysql

crafted payload

write journal

location parameter

0.0005 Low

EPSS

Percentile

17.1%

JSON

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.

References

github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md

portswigger.net/web-security/cross-site-scripting

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2024-24041