CVE-2024-1196 MEDIUM

CVE-2024-1196: SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting

Vendor Sourcecodester
Product Testimonial Page Manager
Weakness CWE-79 · XSS
Published February 2, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

February 2, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9007 jeanmarc77 123solar detailed.php cross site scripting CVE-2021-24874 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting CVE-2022-23988 WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting CVE-2023-0867 Multiple stored and reflected Cross-site Scripting in webapp CVE-2025-47666 WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability