Skip to main content

Simple Customer Relationship Management System CVE-2023-24651

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-02-27 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 27, 2023 - 16:15 nvd
MEDIUM 5.4

DescriptionNVD

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page.

AnalysisAI

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. Affected products include: Oretnom23 Simple Customer Relationship Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-24655 CRITICAL POC
9.8 Mar 23

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name

CVE-2023-0917 CRITICAL POC
9.8 Feb 19

A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management S

CVE-2023-24732 HIGH POC
8.8 Mar 15

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the gende

CVE-2023-24731 HIGH POC
8.8 Mar 15

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the query

CVE-2023-24730 HIGH POC
8.8 Mar 15

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the compa

CVE-2023-24729 HIGH POC
8.8 Mar 15

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the addre

CVE-2023-24728 HIGH POC
8.8 Mar 15

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the conta

CVE-2023-24656 HIGH POC
8.8 Feb 27

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subj

CVE-2023-24654 HIGH POC
8.8 Feb 27

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name

CVE-2023-24653 HIGH POC
8.8 Feb 27

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldp

CVE-2023-24652 HIGH POC
8.8 Feb 27

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Desc

CVE-2023-24364 HIGH POC
8.8 Feb 27

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the user

Share

CVE-2023-24651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy