CVE-2024-8137 MEDIUM

CVE-2024-8137: SourceCodester Record Management System search_user.php cross site scripting

Vendor Sourcecodester

Product Record Management System

Weakness CWE-79 · XSS

Published August 24, 2024

Last update August 26, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_user.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

August 24, 2024 CVE published

August 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8137 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-52341 WordPress OS Our Team plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary CVE-2025-7148 CodeAstro Simple Hospital Management System POST Parameter patient.html cross site scripting CVE-2023-2767 WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2026-41591 Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping