A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. Eine problematische Schwachstelle wurde in SourceCodester CRUD without Page Reload 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei fetch_data.php. Mit der Manipulation des Arguments username/city mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVE ID: CVE-2024-1215
CVSS Base Severity: LOW
CVSS Base Score: 3.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vendor: SourceCodester
Product: CRUD without Page Reload
EPSS Score: 0.13% (probability of being exploited)
EPSS Percentile: 33.54% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false