CVE-2023-2397 LOW

CVE-2023-2397: SourceCodester Simple Mobile Comparison Website cross site scripting

Vendor Sourcecodester
Product Simple Mobile Comparison Website
Weakness CWE-79 · XSS
Published April 28, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

2.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.

Key dates

02Disclosure timeline

April 28, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2021-24204 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget CVE-2025-22798 WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-48326 WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS)