Platform
php
Component
vulndis
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability, classified as problematic, has been identified in SourceCodester User Registration and Login System version 1.0 and is tracked as CVE-2023-6462. The flaw allows an attacker to inject script into pages served by the application, potentially compromising user sessions and data. The vulnerable code resides in the /endpoint/delete-user.php file and is reported as addressed in version 1.0.1.
Successful exploitation of CVE-2023-6462 lets an attacker execute arbitrary JavaScript in the context of a victim's browser session on the application's origin. This can enable session hijacking, credential theft (for example via an injected fake login form), and defacement of the application, and it exposes whatever data the victim's account can read, such as usernames and personal information. As with any XSS, the impact ranges from a minor nuisance to full compromise of the affected account, depending on the attacker's goals and the privileges of the victim; since the affected file handles account deletion, users who hold that privilege are the natural targets.
This vulnerability has been publicly disclosed and a proof-of-concept may be available. The CVSS severity is LOW, which for XSS typically reflects that exploitation requires user interaction (a victim must load the injected content) and that the impact is confined to the victim's session. It is not currently listed on CISA KEV. Monitor security advisories and threat intelligence feeds for any indication of active exploitation campaigns targeting this vulnerability.
Exploit Status
EPSS
0.08% (24th percentile)
CVSS Vector
The primary mitigation for CVE-2023-6462 is to upgrade to version 1.0.1 of SourceCodester User Registration and Login System. If upgrading is not immediately feasible, apply input validation and context-appropriate output encoding in /endpoint/delete-user.php so that user-supplied data is never written into HTML unencoded; validation alone is insufficient, because a value that passes an allow-list today may still be reflected unsafely into another context tomorrow. A web application firewall (WAF) tuned to block common XSS payloads can provide a temporary layer of protection, but WAF rules are routinely bypassed and do not replace the code fix. Regularly review and update secure-coding practices to prevent similar vulnerabilities from recurring. After upgrading, confirm the fix by submitting a delete request whose user-supplied value contains a harmless marker such as <b>xss-check</b> and verifying that the response renders it as literal text rather than as markup.
In short: update to the patched version or apply the vendor's fix; validate and sanitize the input handled by the `delete-user.php` script, and HTML-escape anything it echoes back, so that injected script is never executed.
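The following PHP is an added example, not code from the SourceCodester project (whose delete-user.php is not reproduced on this page). It contrasts the unsafe reflection pattern the advisory describes with a validated and encoded version, and includes the post-upgrade marker check from the mitigation text. The request parameter name `user`, the username format in the allow-list, and the confirmation message are all assumptions made for illustration.

```php
<?php
// Added example, not code from the SourceCodester project. It assumes
// (hypothetically) that delete-user.php reads the account to delete from a
// request parameter named "user" and echoes it back in a confirmation
// message; that echo is the kind of HTML sink the advisory describes.
declare(strict_types=1);

// 'Before': attacker-controlled input is concatenated straight into HTML.
function render_vulnerable(string $user): string
{
    return '<p>User ' . $user . ' has been deleted.</p>';
}

// Allow-list validation. The character set and length are assumptions about
// what a username looks like in this application; adjust to the real schema.
function validate_user(string $user): ?string
{
    return preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $user) === 1 ? $user : null;
}

// Output encoding for an HTML text node or quoted attribute value.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning "" (which would silently drop the message).
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// 'After': reject values that are not usernames, and encode whatever is
// reflected. Encoding is applied even after validation so the sink stays
// safe if the value ever arrives from another source (e.g. the database).
function render_hardened(string $user): string
{
    $valid = validate_user($user);
    if ($valid === null) {
        return '<p>Invalid user name.</p>';
    }
    return '<p>User ' . html_escape($valid) . ' has been deleted.</p>';
}

// Post-upgrade check from the mitigation text: does the marker payload come
// back as raw markup? true means the sink is still unencoded.
function reflects_raw_markup(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

if (PHP_SAPI === 'cli') {
    // Constructed test payload. Against a real deployment, send it through
    // the application's own delete request rather than calling the function.
    $payload = '<script>alert(document.cookie)</script>';

    $before = render_vulnerable($payload);
    $after  = render_hardened($payload);

    printf("vulnerable output : %s\n", $before);
    printf("hardened output   : %s\n", $after);
    printf("encoded payload   : %s\n", html_escape($payload));
    printf("raw markup reflected, vulnerable: %s\n", reflects_raw_markup($before, $payload) ? 'yes' : 'no');
    printf("raw markup reflected, hardened  : %s\n", reflects_raw_markup($after, $payload) ? 'yes' : 'no');

    // A legitimate username still renders (encoded) through the hardened path.
    printf("normal username   : %s\n", render_hardened('alice_01'));
} else {
    // Hypothetical request handling; the real script's parameter name and
    // deletion logic are not shown on this page.
    $user = (string) ($_POST['user'] ?? '');
    header('Content-Type: text/html; charset=UTF-8');
    echo render_hardened($user);
}
```

Run it with `php delete-user-xss-demo.php` to see the payload pass through the vulnerable path verbatim and come out of the hardened path as a rejection (and, via `html_escape`, as `&lt;script&gt;...`). The allow-list deliberately does the heavy lifting for a username field, but the encoding call is what makes the sink safe regardless of where the value came from; keep both in the real fix.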
CVE-2023-6462 is a cross-site scripting (XSS) vulnerability affecting SourceCodester User Registration and Login System version 1.0, allowing attackers to inject malicious scripts through /endpoint/delete-user.php.
You are affected if you are running SourceCodester User Registration and Login System version 1.0. Upgrade to 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 of SourceCodester User Registration and Login System. Input validation and output encoding can provide temporary protection.
While publicly disclosed, there are no confirmed reports of active exploitation at this time. Monitor security advisories for updates.
Refer to the SourceCodester website and security advisories for the latest information regarding CVE-2023-6462 and available patches.