CVE-2024-7814 MEDIUM

CVE-2024-7814: CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting

Vendor Codeastro
Product Online Railway Reservation System
Weakness CWE-79 · XSS
Published August 15, 2024
Last update September 3, 2024
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

August 15, 2024 CVE published
September 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11496 Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.5 - Unauthenticated Stored Cross-Site Scripting CVE-2025-46550 Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting CVE-2025-68991 WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-22554 WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-46537 WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability