CVE-2023-5585

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 15, 2023
Updated: May 17, 2024
CWE ID 79

Summary

CVE-2023-5585 is a newly disclosed vulnerability affecting the SourceCodester Online Motorcycle Rental System 1.0. Specifically, the Bike List component's /admin/?page=bike file contains a cross-site scripting (XSS) issue. By manipulating the "Model" argument with the input "<script>confirm (document.cookie)</script>", an attacker can execute malicious scripts in a user's browser. This vulnerability can be exploited remotely and its existence has been made public. Vulnerability database VDB assigns the identifier VDB-242170 to this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share