CVE-2024-8172

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 79

Summary

CVE-2024-8172 is a cross-site scripting vulnerability found in the SourceCodester QR Code Attendance System version 1.0, specifically affecting the file /endpoint/delete-student.php. This flaw allows remote attackers to manipulate the "student/attendance" argument, potentially leading to unauthorized actions on the web application. The vulnerability has a medium severity rating with an exploitability score of 2.8, indicating that user interaction is required for exploitation. To remediate this issue, organizations should apply necessary input validation and sanitization measures to prevent malicious scripts from being executed in user browsers. Failure to address this vulnerability may expose organizations to risks such as data theft or unauthorized access to sensitive information.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share