Skip to main content

Medicine Tracker System CVE-2023-1447

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-03-17 cna@vuldb.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 17, 2023 - 07:15 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input <script>alert('2')</script> leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292.

AnalysisAI

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input <script>alert('2')</script> leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292. Affected products include: Medicine Tracker System Project Medicine Tracker System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-7134 CRITICAL POC
9.8 Dec 28

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-7123 CRITICAL POC
9.8 Dec 28

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0.php? f=

CVE-2023-1439 CRITICAL POC
9.8 Mar 17

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0.php of t

CVE-2024-7226 MEDIUM POC
6.9 Jul 30

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 6.9), this vulnerab

CVE-2024-6418 MEDIUM POC
6.9 Jun 30

A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. Rated medium severi

CVE-2023-5581 MEDIUM POC
6.1 Oct 14

A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity

CVE-2023-1464 CRITICAL
9.8 Mar 17

A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. Rated critic

CVE-2024-6419 MEDIUM POC
5.3 Jul 01

A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (C

CVE-2023-30458 MEDIUM POC
5.3 Apr 24

A username enumeration issue was discovered in Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulne

CVE-2023-30112 HIGH
7.5 Apr 26

Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. Rated high severity (CVSS 7.5), this vulnerability

CVE-2023-30111 MEDIUM
6.1 Apr 26

Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this

CVE-2023-30106 MEDIUM
6.1 Apr 26

Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. Rated me

Share

CVE-2023-1447 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy