CVE-2023-2691 LOW

CVE-2023-2691: SourceCodester Personnel Property Equipment System POST Parameter add_item.php cross site scripting

Vendor Sourcecodester
Product Personnel Property Equipment System
Weakness CWE-79 · XSS
Published May 14, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.

Key dates

02Disclosure timeline

May 14, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint CVE-2023-45138 Change Request Application vulnerable to XSS and remote code execution through change request title CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget CVE-2025-49579 Citizen allows stored XSS in menu heading message CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality