CVE-2024-6267 MEDIUM

CVE-2024-6267: SourceCodester Service Provider Management System System Info Page index.php cross site scripting

Vendor Sourcecodester
Product Service Provider Management System
Weakness CWE-79 · XSS
Published June 23, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.

Key dates

02Disclosure timeline

June 23, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-1170 code-projects Real Estate Property Management System Category.php cross site scripting CVE-2024-35779 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability CVE-2025-40991 Stored XSS in Creativeitem Ekushey CRM CVE-2022-2305 WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting CVE-2026-27358 WordPress Architecturer theme < 3.9.5 - Cross Site Scripting (XSS) vulnerability