CVERadar

CVE-2024-57522

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00334/1

CVE-2024-57522: Cross-Site Scripting (XSS) vulnerability identified in SourceCodester Packers and Movers Management System v1.0, specifically in Users.php. An attacker can exploit this by injecting malicious scripts into the username or name fields when creating a user account. While the CVSS score is 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a low but non-negligible risk. Successful exploitation allows attackers to execute arbitrary JavaScript code in the victim's browser. This could lead to session hijacking, defacement, or redirection to malicious websites. This vulnerability is significant because it can be exploited through a simple user creation process and is tagged as 'In The Wild', suggesting active exploitation attempts. Organizations using this system should prioritize patching or mitigating this XSS vulnerability.

In The Wild
2025-02-03

2025-02-03
SOCRadar
AI Insight

Description

CVE-2024-57522 is a newly disclosed vulnerability with limited information currently available. While the CVSS score is 0, indicating a lack of quantifiable severity assessment, the SOCRadar Vulnerability Risk Score (SVRS) stands at 30. This score, while not critical, suggests a potential for significant risk, especially given the "In The Wild" tag, indicating active exploitation by attackers.

Key Insights

  1. Limited Information: The lack of a detailed description and a CVSS score of 0 highlights the need for immediate investigation and analysis to understand the vulnerability's impact and exploitability.
  2. Active Exploitation: The "In The Wild" tag is a critical warning. Attackers are actively exploiting this vulnerability, making it a high priority for remediation.
  3. SVRS Significance: The SVRS score of 30, while not indicating a critical vulnerability, surpasses the typical assessment of the CVSS and suggests potential risks requiring immediate attention.
  4. Unknown Impact: Without a detailed description, it is impossible to determine the full scope of impact and potential consequences of this vulnerability.

Mitigation Strategies

  1. Emergency Patching: Immediately prioritize patching the affected systems with the latest security updates released by the vendor.
  2. Network Segmentation: Implement network segmentation strategies to isolate vulnerable systems and restrict lateral movement of attackers.
  3. Intrusion Detection and Prevention: Deploy and configure intrusion detection and prevention systems (IDS/IPS) to detect and block malicious activities associated with the vulnerability.
  4. Threat Intelligence Monitoring: Actively monitor threat intelligence feeds for indicators of compromise (IoCs) related to CVE-2024-57522 to identify potential attacks.

Additional Information:

For further information and updates regarding CVE-2024-57522, users can access SOCRadar's 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-57522 | SourceCodester Packers and Movers Management System 1.0 Users.php username/name cross site scripting
vuldb.com, 2025-02-03
CVE-2024-57522 | SourceCodester Packers and Movers Management System 1.0 Users.php username/name cross site scripting | A vulnerability classified as problematic has been found in SourceCodester Packers and Movers Management System 1.0. Affected is an unknown function of the file Users.php. The manipulation of the argument username/name leads to cross site scripting. This vulnerability is traded as CVE-2024-57522

Social Media

New post from https://t.co/uXvPWJy6tj (CVE-2024-57522 | SourceCodester Packers and Movers Management System 1.0 Users.php username/name cross site scripting) has been published on https://t.co/QIAJ4S6XVF
CVE-2024-57522 SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the … https://t.co/bf1cO0npfP

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/HackWidMaddy/CVE-2024-57522
GITHUB | https://github.com/HackWidMaddy/CVE-2024-57522

CWE Details

CWE ID | CWE Name | Description
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
