Lucene search

VulDBCVE-2024-7916

HistoryAug 18, 2024 - 11:15 p.m.

CVE-2024-7916

2024-08-1823:15:03

CWE-79

VulDB

web.nvd.nist.gov

vulnerability

itsourcecode

insurance management system

cross site scripting

addnominee.php

remote attack

disclosure

vendor

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

3.7

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

insurance_management_system_projectinsurance_management_systemMatch1.0

VendorProductVersionCPE
insurance_management_system_projectinsurance_management_system1.0cpe:2.3:a:insurance_management_system_project:insurance_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insurance_management_system_project	insurance_management_system	1.0	cpe:2.3:a:insurance_management_system_project:insurance_management_system:1.0:::::::*

CNA Affected

[
  {
    "vendor": "nafisulbari",
    "product": "Insurance Management System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Add Nominee Page"
    ]
  },
  {
    "vendor": "itsourcecode",
    "product": "Insurance Management System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Add Nominee Page"
    ]
  }
]

References

vuldb.com/?ctiid.275041

vuldb.com/?id.275041

vuldb.com/?submit.388905

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

3.7

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

Related for CVE-2024-7916