CVE-2024-4644

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published May 8, 2024
Updated: Jun 4, 2024
CWE ID 79

Summary

CVE-2024-4644 is a newly disclosed vulnerability affecting the SourceCodester Prison Management System 1.0. The issue resides in the /Employee/changepassword.php file and involves manipulation of the txtold_password, txtnew_password, and txtconfirm_password arguments. This results in a cross-site scripting (XSS) vulnerability, which can be exploited remotely. Attackers can leverage this flaw to inject malicious code into unsuspecting users' browsers. This vulnerability, identified as VDB-263488, has been publicly disclosed and is currently exploitable.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share