{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10199","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-10-20T18:49:42.384Z","datePublished":"2024-10-21T01:31:04.133Z","dateUpdated":"2024-10-21T13:39:42.129Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-10-21T01:31:04.133Z"},"title":"code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]}],"affected":[{"vendor":"code-projects","product":"Pharmacy Management System","versions":[{"version":"1.0","status":"affected"}],"modules":["Manage Medicines Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in code-projects Pharmacy Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /manage_medicine.php der Komponente Manage Medicines Page. Durch das Manipulieren des Arguments name/address/doctor_address/suppliers_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-10-20T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-10-20T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-10-20T20:54:58.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"c4ttr4ck (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.281024","name":"VDB-281024 | code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.281024","name":"VDB-281024 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.426916","name":"Submit #426916 | code-projects Pharmacy Management System 1.0 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9","tags":["exploit"]},{"url":"https://code-projects.org/","tags":["product"]}]},"adp":[{"affected":[{"vendor":"code-projects","product":"pharmacy_management_system","cpes":["cpe:2.3:a:code-projects:pharmacy_management_system:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-21T13:39:02.037709Z","id":"CVE-2024-10199","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-21T13:39:42.129Z"}}]}}