CVE Details
Basic Information
| Title | CodeAstro Internet Banking System pages_system_settings.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2023-10-22T22:00:08.748Z |
| Modified | 2024-08-02T08:07:32.437Z |
Product Information
| Vendor | CodeAstro |
|---|---|
| Product | Internet Banking System |
| Version | 1.0 |
CVSS Information
| Base Score | 3.5 (LOW) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
AI Analysis
| AI Description | A cross-site scripting vulnerability in CodeAstro Internet Banking System 1.0 allows remote attackers to inject malicious scripts via the sys_name argument in pages_system_settings.php. |
|---|---|
| AI Severity | Low |
| AI Vendor | CodeAstro |
| AI Product | Internet Banking System |
| AI Version | 1.0 |
Affected Products
- CodeAstro Internet Banking System 1.0
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.