CVE-2024-1871 LOW

CVE-2024-1871: SourceCodester Employee Management System Project Assignment Report assignp.php cross site scripting

Vendor Sourcecodester

Product Employee Management System

Weakness CWE-79 · XSS

Published February 24, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

February 24, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1871

Related vulnerabilities

04Related CVE

CVE-2023-28994 WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS) CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2025-30768 WordPress jAlbum Bridge plugin <= 2.0.18 - Cross Site Scripting (XSS) Vulnerability CVE-2023-4841 Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-27005 WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability