CVE-2024-0266: Project Worlds Online Lawyer Management System User Registration cross site scripting
Description
A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability. Es wurde eine problematische Schwachstelle in Project Worlds Online Lawyer Management System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Komponente User Registration. Dank Manipulation des Arguments First Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-0266
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Problem Types
CWE-79 Cross Site ScriptingAffected Products
Vendor: Project Worlds
Product: Online Lawyer Management System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 24.85% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-0266https://vuldb.com/?id.249822
https://vuldb.com/?ctiid.249822
https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing