Platform
php
Component
internet-banking-system
Fixed in
1.0.1
CVE-2024-0773 is a problematic cross-site scripting (XSS) vulnerability affecting CodeAstro Internet Banking System version 1.0. It allows attackers to inject malicious scripts into the application, potentially compromising user accounts and sensitive data. A fix is available in version 1.0.1.
Successful exploitation of CVE-2024-0773 allows an attacker to inject arbitrary JavaScript code into the Internet Banking System. This can lead to session hijacking, phishing attacks, and the theft of sensitive user information, such as login credentials and financial data. The attacker could potentially redirect users to malicious websites or deface the application's interface. Given the nature of internet banking systems, the potential impact is significant, potentially leading to financial losses and reputational damage for both the bank and its customers. The remote nature of the attack makes it easily exploitable.
This vulnerability has been publicly disclosed and a corresponding identifier (VDB-251677) has been assigned. While no specific active campaigns have been reported, the availability of public information increases the risk of exploitation. The LOW CVSS score reflects the relatively simple exploitation process and the potential for limited impact if not combined with other vulnerabilities. No KEV listing is currently available.
Financial institutions and businesses utilizing CodeAstro Internet Banking System version 1.0 are at immediate risk. Shared hosting environments where multiple websites share the same server resources are particularly vulnerable, as an attacker could potentially exploit this vulnerability on one website to gain access to others. Legacy systems that have not been regularly patched or updated are also at higher risk.
• php / web:
grep -r "pages_client_signup.php" /var/www/html/
• generic web:
curl -I "https://your-internet-banking-system/pages_client_signup.php?Client%20Full%20Name=%3Cscript%3Ealert(1)%3C/script%3E"
• generic web:
grep -A 10 "pages_client_signup.php" /var/log/apache2/access.log
disclosure
Exploit status
EPSS
0.17% (38th percentile)
CVSS vector
The primary mitigation for CVE-2024-0773 is to immediately upgrade to version 1.0.1 of the CodeAstro Internet Banking System. Prior to upgrading, it's recommended to create a full backup of the system, including the database and application files. If an upgrade is not immediately feasible, consider implementing input validation and sanitization on the 'Client Full Name' field to prevent malicious script injection. Web application firewalls (WAFs) can also be configured to filter out potentially malicious requests targeting the vulnerable endpoint. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple JavaScript payload into the 'Client Full Name' field and verifying that it is not executed.
Update the Internet Banking System to a patched version that fixes the XSS vulnerability. If no such version is available, properly filter and escape user input in the 'Client Full Name' field in the pages_client_signup.php file to prevent injection of malicious code.
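The field-level validation and output escaping recommended in the two mitigation notes above, as an added PHP example that is not code from CodeAstro or from the advisory. The POST key `client_full_name` and the surrounding markup are assumptions; the vulnerable echo is included only to contrast with the hardened handler.

```php
<?php
declare(strict_types=1);
// Added example, not CodeAstro's code. The field and file names follow the
// advisory; the POST key "client_full_name" and the markup are assumptions.
/**
 * Server-side validation for the "Client Full Name" field: letters (any
 * script), combining marks, spaces, periods, hyphens and apostrophes only,
 * 2 to 100 characters. Returns null when the value is rejected.
 */
function validate_full_name(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $name = trim($raw);
    if (preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{1,99}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Output encoding for an HTML text context: this is what stops an injected
// <script> tag from executing even if validation is bypassed elsewhere.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern described by the advisory: the raw field is echoed back.
function render_vulnerable(array $post): string
{
    return '<p>Welcome, ' . ($post['client_full_name'] ?? '') . '</p>';
}

// Hardened pattern: reject malformed names, then escape before emitting.
function render_hardened(array $post): string
{
    $name = validate_full_name($post['client_full_name'] ?? null);
    if ($name === null) {
        return '<p class="error">Full name may contain letters, spaces, periods, hyphens and apostrophes only.</p>';
    }
    return '<p>Welcome, ' . html_escape($name) . '</p>';
}

// Constructed sample input using the payload quoted in the advisory.
$sample = ['client_full_name' => '<script>alert(1)</script>'];
echo render_vulnerable($sample), PHP_EOL;                                  // tag emitted verbatim
echo render_hardened($sample), PHP_EOL;                                    // rejected by validation
echo render_hardened(['client_full_name' => "Ana O'Neill-Díaz"]), PHP_EOL; // accepted and escaped
```

Validation narrows what the field accepts; the `htmlspecialchars` call is the control that must be present at every point where the stored name is rendered, since the same value may be displayed on pages other than the sign-up form.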
CVE-2024-0773 is a cross-site scripting (XSS) vulnerability in CodeAstro Internet Banking System version 1.0 that allows attackers to inject malicious scripts via the Client Full Name field.
If you are using CodeAstro Internet Banking System version 1.0, you are affected by this vulnerability. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1 of the CodeAstro Internet Banking System. Ensure you back up your system before upgrading.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Please refer to the CodeAstro website or relevant security mailing lists for the official advisory regarding CVE-2024-0773.