CVE-2024-0284: XSS in Kashipara Food Management System
Platform: php
Component: cve_hub
Fixed in: 1.0.1
CVE-2024-0284 describes a cross-site scripting (XSS) vulnerability in Kashipara Food Management System up to and including version 1.0. The party_address argument handled by party_submit.php is not neutralised before it is written back into a page, so an attacker can inject HTML and JavaScript that executes in other users' browsers, compromising their sessions and the integrity of the data they manage. A patch is available in version 1.0.1.
Impact and Attack Scenarios
The flaw lets an attacker place arbitrary HTML and JavaScript into the party_address value, which the application later renders into a page without encoding. Script executing in a victim's browser runs with that user's session: it can read cookies that are not flagged HttpOnly, submit requests on the victim's behalf, redirect the victim to an attacker-controlled site, or deface the page. The practical damage is bounded by what the victim's account can do, and is amplified if the deployment handles customer or payment data. The CVSS base rating is Low (Confidentiality: None, Integrity: Low) because the metric scores only the direct effect on the vulnerable component and requires a victim to be lured into the interaction; session hijacking through a low-rated XSS still leads to real user compromise.
Exploitation Context
This vulnerability has been publicly disclosed and a proof-of-concept may be available. It is tracked in VulDB as VDB-249839. The Low CVSS rating and low EPSS score suggest a low probability of widespread exploitation, but public disclosure lowers the bar for opportunistic attacks against internet-exposed installations. No active exploitation campaigns have been confirmed at the time of writing.
Threat Intelligence
Exploit Status: publicly disclosed; a proof of concept may be available, but no in-the-wild exploitation has been confirmed.
EPSS: 0.07% (22nd percentile)
CVSS Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N (base score 3.5, Low)
What do these metrics mean?
- Attack Vector: Network. Remotely exploitable over the internet; no physical or local access required. Widest attack surface.
- Attack Complexity: Low. No special conditions required; the attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required: Low. Any valid user account is sufficient; basic authenticated access is required.
- User Interaction: Required. The victim must take an action: open a file, click a link, or visit a crafted page.
- Scope: Unchanged. Impact is limited to the vulnerable component itself.
- Confidentiality: None. No confidentiality impact; the attacker cannot read protected data.
- Integrity: Low. The attacker can modify some data with limited scope or impact.
- Availability: None. No availability impact; the service remains fully operational.
Affected Software: Kashipara Food Management System, up to and including version 1.0 (fixed in 1.0.1)
Weakness Classification (CWE): CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), the standard classification for XSS
Mitigation and Workarounds
The primary mitigation for CVE-2024-0284 is to upgrade Kashipara Food Management System to version 1.0.1 or later, which contains the fix. If upgrading is not immediately feasible, apply context-appropriate output encoding (htmlspecialchars with ENT_QUOTES in PHP) wherever the party_address value submitted to party_submit.php is written back into HTML, and validate the input on the server side. A web application firewall with XSS rules adds a temporary layer of protection, but WAF signatures are bypassable and should not be the only control; setting the HttpOnly flag on the session cookie and deploying a Content-Security-Policy limit what an injected script can do in the meantime. Review the application's other input handling for the same missing-encoding pattern. After upgrading, confirm the fix by submitting a harmless marker such as <b>xss-check</b> in party_address and verifying that the response carries it as encoded text (&lt;b&gt;xss-check&lt;/b&gt;) rather than rendering it as markup.
How to fix
Update Kashipara Food Management System to version 1.0.1 or later, or apply the vendor's patch for the XSS in party_submit.php. Validate user input, especially the party_address argument, and encode it for the HTML context in which it is rendered. Encoding at output, not filtering at input, is the control that prevents injected markup from executing; validation is defence in depth.
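To make the advice in the Mitigation and How to fix sections concrete, the following is an added example in the application's language; it is not code from Kashipara Food Management System, whose party_submit.php is not reproduced on this page. Only the names party_address and party_submit.php come from the advisory. The render_vulnerable(), render_fixed() and validate_party_address() functions, the probe string and the surrounding form handling are hypothetical, constructed to show the vulnerable pattern next to the encoded one.

```php
<?php
// Added example, not code from Kashipara Food Management System.
// Shows the output-encoding fix for a value like party_address that is
// written back into an HTML page. Everything except the names
// party_address and party_submit.php is a hypothetical reconstruction.
declare(strict_types=1);

/** Escape for an HTML text node or a double-quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** VULNERABLE pattern: the submitted value is concatenated straight into markup. */
function render_vulnerable(string $partyAddress): string
{
    return '<td>' . $partyAddress . '</td>';
}

/** FIXED pattern: same output for benign input, but <, >, &, " and ' are encoded. */
function render_fixed(string $partyAddress): string
{
    return '<td>' . h($partyAddress) . '</td>';
}

/**
 * Server-side validation as defence in depth. It deliberately does NOT try
 * to strip "<script>": an address may legitimately contain & or ', and
 * blocklists are bypassable. Output encoding is the control that stops XSS.
 */
function validate_party_address(string $partyAddress): bool
{
    $partyAddress = trim($partyAddress);
    if ($partyAddress === '' || strlen($partyAddress) > 200) {
        return false;
    }
    // Reject control characters. With /u, preg_match returns false on
    // invalid UTF-8, and the === 0 test treats that as invalid input too.
    return preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', $partyAddress) === 0;
}

/** Returns true when the fixed renderer neutralises a constructed probe. */
function self_check(): bool
{
    $probe   = '<script>alert(1)</script>';       // constructed probe, not the public PoC
    $encoded = '&lt;script&gt;alert(1)&lt;/script&gt;';

    return render_fixed($probe) === '<td>' . $encoded . '</td>'
        && strpos(render_vulnerable($probe), '<script>') !== false  // the bug, for contrast
        && validate_party_address('12 Main St, Springfield') === true
        && validate_party_address("bad\x00address") === false
        && validate_party_address('') === false;
}

if (PHP_SAPI === 'cli') {
    // Run with: php example.php
    $ok = self_check();
    echo $ok ? "PASS\n" : "FAIL\n";
    exit($ok ? 0 : 1);
}

// Sketch of how a handler like party_submit.php would use the helpers.
// The request method and any fields other than party_address are assumptions.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $address = (string) ($_POST['party_address'] ?? '');
    if (!validate_party_address($address)) {
        http_response_code(400);
        echo 'Invalid party address';
        exit;
    }
    // ... persist $address with a prepared statement ...
    echo '<table><tr>' . render_fixed($address) . '</tr></table>';
}
```

The encoding flags matter: ENT_QUOTES covers single quotes so the value is also safe inside single-quoted attributes, and ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty string, which would otherwise silently drop a legitimate address. Encoding belongs at every sink where party_address reaches HTML, not only in party_submit.php; a value stored once and echoed on several pages is vulnerable at each unencoded echo.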
Frequently asked questions
What is CVE-2024-0284 — XSS in Kashipara Food Management System?
CVE-2024-0284 is a cross-site scripting (XSS) vulnerability in Kashipara Food Management System up to and including version 1.0. The party_address argument of party_submit.php is rendered without encoding, allowing attackers to inject scripts that run in other users' browsers.
Am I affected by CVE-2024-0284 in Kashipara Food Management System?
You are affected if you run Kashipara Food Management System version 1.0 or earlier. Upgrade to 1.0.1 or later to resolve the issue.
How do I fix CVE-2024-0284 in Kashipara Food Management System?
Upgrade to version 1.0.1 or later. Until then, encode the party_address value for HTML output wherever it is rendered, validate it server-side, and use WAF rules, HttpOnly session cookies and a Content-Security-Policy to limit exposure.
Is CVE-2024-0284 being actively exploited?
While no active exploitation campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk.
Where can I find the official Kashipara Food Management System advisory for CVE-2024-0284?
Refer to the Kashipara Food Management System website for the vendor's release information on 1.0.1; the independent public record of the issue is VulDB entry VDB-249839.