CVE-2024-0782 LOW

CVE-2024-0782: CodeAstro Online Railway Reservation System pass-profile.php cross site scripting

Vendor Codeastro
Product Online Railway Reservation System
Weakness CWE-79 · XSS
Published January 22, 2024
Last update October 21, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 22, 2024 CVE published
October 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-5379 JFinalCMS template cross site scripting CVE-2023-6889 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq CVE-2023-51677 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS) CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute CVE-2025-69320 WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability