First published: Fri Dec 01 2023
A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
SourceCodester User Registration and Login System | =1.0 | |
CVE-2023-6462 is a vulnerability identified in SourceCodester User Registration and Login System 1.0 that allows for cross site scripting (XSS) attacks through the delete-user.php endpoint.
The severity of CVE-2023-6462 is medium, with a severity value of 6.1.
The affected software for CVE-2023-6462 is SourceCodester User Registration and Login System 1.0.
CVE-2023-6462 allows attackers to inject malicious code into the user parameter of the delete-user.php endpoint, leading to cross site scripting attacks.
To mitigate CVE-2023-6462, it is recommended to sanitize and validate user input to prevent script injection, and apply security patches or updates provided by the software vendor.
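The following is an added example of the input validation and output encoding recommended above. It is not code from the SourceCodester project or from this advisory. It assumes that the `user` argument is meant to be a numeric account ID, and the function names `parse_user_id`, `h` and `render_delete_response` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the real delete-user.php code is not shown in the advisory.
// Assumption: the `user` argument is a positive integer account ID.

/** Accept only a positive integer ID; anything else is rejected (returns null). */
function parse_user_id(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build [status, body] without ever echoing the raw parameter. */
function render_delete_response(?string $rawUser): array
{
    $id = parse_user_id($rawUser);
    if ($id === null) {
        // Fixed message: rejected input is not reflected into the page at all.
        return [400, '<p>Invalid user id.</p>'];
    }
    // The delete itself (assumed to be a parameterized query) would run here.
    // Encode on output even though $id is an int, so the habit holds for strings.
    return [200, '<p>User ' . h((string) $id) . ' deleted.</p>'];
}

// Constructed sample inputs standing in for $_GET['user'].
foreach (['42', '42<b>x</b>', '"><em>test</em>', null] as $sample) {
    [$status, $body] = render_delete_response($sample);
    printf("%-22s => %d %s\n", var_export($sample, true), $status, $body);
}
```

In a web request the handler would pass `$_GET['user'] ?? null` to `render_delete_response` and send the returned status with `http_response_code()`.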