CVE-2024-31648

2024-04-1500:00:00

mitre

github.com

cross site scripting

insurance management system

remote attackers

web scripts

html

crafted payload

category name parameter

new category2

AI Score

6.3

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:insurance_management_system_project:insurance_management_system:1.0:*:*:*:*:*:*:*"
    ],
    "vendor": "insurance_management_system_project",
    "product": "insurance_management_system",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]