Skip to main content

Engineers Online Portal CVE-2023-7160

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-12-29 cna@vuldb.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 29, 2023 - 08:15 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.

AnalysisAI

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. Affected products include: Janobe Engineers Online Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-5282 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5281 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5280 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical sever

CVE-2023-5279 CRITICAL POC
9.8 Sep 29

A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical

CVE-2023-5278 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Rated critic

CVE-2023-5277 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rat

CVE-2023-5276 CRITICAL POC
9.8 Sep 29

A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity

CVE-2021-42670 CRITICAL POC
9.8 Nov 05

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announ

CVE-2021-42669 CRITICAL POC
9.8 Nov 05

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which all

CVE-2021-42668 CRITICAL POC
9.8 Nov 05

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_cla

CVE-2021-42665 CRITICAL POC
9.8 Nov 05

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of inde

CVE-2023-5284 HIGH POC
8.8 Sep 29

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity

Share

CVE-2023-7160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy