CVE-2023-2973

low-risk
Published 2023-05-30

A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet Syste 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.4/10 Low
NETWORK / LOW complexity

Affected Products (1)

Students Online Internship Timesheet System

Affected Vendors

Students Online Internship Timesheet System Project

References (6)

Exploit https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md
Permissions Required https://vuldb.com/?ctiid.230204
Third Party Advisory https://vuldb.com/?id.230204
Exploit https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md
Permissions Required https://vuldb.com/?ctiid.230204
Third Party Advisory https://vuldb.com/?id.230204
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal