CVE-2024-3414

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 6, 2024

Updated: May 17, 2024

CWE ID 693

Summary

CVE-2024-3414 is a newly disclosed vulnerability affecting the SourceCodester Human Resource Information System version 1.0. The issue lies in the processing of the file Superadmin_Dashboard/process/addcorporate_process.php, where manipulation of the argument "corporate_name" can lead to cross-site scripting (XSS). Attackers can exploit this remotely, injecting malicious scripts into unsuspecting users' browsers. With the exploit having been made public, it is essential for users to apply the necessary patches or upgrades to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vssGEV
https://www.cve.org/CVERecord?id=CVE-2024-3414
https://nvd.nist.gov/vuln/detail/CVE-2024-3414

Back to Vulnerability Database

CVE-2024-3414

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations