CVE-2024-8951

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 17, 2024
Updated: Sep 23, 2024
CWE ID 79

Summary

CVE-2024-8951 is a cross-site scripting (XSS) vulnerability in SourceCodester Resort Reservation System version 1.0. It affects the file manage_fee.php, where manipulation of the "to view" argument leads to XSS. The vulnerability can be exploited remotely and poses a medium severity risk with an exploitability score of 6.1; it requires user interaction but no privileged access. To remediate the issue, organizations should implement proper input validation to sanitize user input and mitigate XSS risks. The potential impact includes unauthorized data access and execution of malicious scripts in users' browsers, which could lead to data breaches or compromised user accounts. The vulnerability has been publicly disclosed and is accessible for exploitation, emphasizing the need for immediate attention from affected users.
