CVE-2024-12359: code-projects Admin Dashboard vendor_management.php cross site scripting
First published: Mon Dec 09 2024(Updated: )
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| code-projects Admin Dashboard | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12359?
CVE-2024-12359 is classified as a problematic vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2024-12359?
To mitigate CVE-2024-12359, validate and sanitize the input for the username parameter in the /vendor_management.php file.
Who is affected by CVE-2024-12359?
CVE-2024-12359 affects users of code-projects Admin Dashboard version 1.0.
What type of vulnerability is CVE-2024-12359?
CVE-2024-12359 is a cross-site scripting (XSS) vulnerability.
Can CVE-2024-12359 be exploited remotely?
Yes, CVE-2024-12359 can be exploited remotely by manipulating the username argument.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/source
- vendor/code-projects
- canonical/code-projects admin dashboard
- version/code-projects admin dashboard/1.0