CVE-2024-11246: code-projects Farmacia adicionar-cliente.php cross site scripting
First published: Fri Nov 15 2024(Updated: )
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Anisha Farmacia | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11246?
CVE-2024-11246 is classified as problematic due to its potential for cross site scripting attacks.
How do I fix CVE-2024-11246?
To fix CVE-2024-11246, ensure proper sanitization and validation of inputs in the /adicionar-cliente.php file.
What software is affected by CVE-2024-11246?
CVE-2024-11246 affects Anisha Farmacia version 1.0.
What type of vulnerability is CVE-2024-11246?
CVE-2024-11246 is a cross site scripting vulnerability.
Can CVE-2024-11246 be exploited remotely?
Yes, CVE-2024-11246 can be exploited remotely by manipulating the parameters in the affected PHP file.
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/anisha
- canonical/anisha farmacia
- version/anisha farmacia/1.0