CVE-2024-11660 MEDIUM

CVE-2024-11660: code-projects Farmacia usuario.php cross site scripting

Vendor Code-Projects

Product Farmacia

Weakness CWE-79 · XSS

Published November 25, 2024

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Key dates

02Disclosure timeline

November 25, 2024 CVE published

November 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11660 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-1817 Badminton Center Management System Userlist Module cross site scripting CVE-2025-24624 WordPress HT Event – WordPress Event Manager Plugin for Elementor Plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-47933 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-1988 SourceCodester Online Computer and Laptop Store cross site scripting CVE-2023-30472 WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)