Platform
php
Component
rrj-nueva-ecija-engineer-online-portal
Fixed in
1.0.1
CVE-2024-0181 is a cross-site scripting (XSS) vulnerability affecting the RRJ Nueva Ecija Engineer Online Portal. This vulnerability allows attackers to inject malicious scripts into the portal, potentially leading to session hijacking or defacement. The vulnerability impacts versions 1.0 through 1.0 and has been addressed in version 1.0.1.
Successful exploitation of CVE-2024-0181 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the RRJ Nueva Ecija Engineer Online Portal. This can be leveraged to steal session cookies, redirect users to malicious websites, or modify the content displayed on the portal. The impact is particularly concerning for administrative users, as compromised accounts could grant attackers access to sensitive data and control over the portal's functionality. The vulnerability's remote accessibility and public disclosure increase the likelihood of exploitation.
CVE-2024-0181 has been publicly disclosed and a proof-of-concept may be available. The vulnerability's LOW CVSS score reflects the relatively limited impact and ease of mitigation. As of the time of writing, no confirmed active exploitation campaigns have been reported, but the public disclosure warrants immediate attention and remediation.
Exploit Status
EPSS
0.13% (32% percentile)
CVSS Vector
The primary mitigation for CVE-2024-0181 is to upgrade the RRJ Nueva Ecija Engineer Online Portal to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /admin/admin_user.php page to sanitize user-supplied data. While a direct WAF rule is difficult without specific payload examples, general XSS prevention rules can offer some protection. Regularly review and update the portal's codebase to address potential security vulnerabilities.
Update the RRJ Nueva Ecija Engineer Online Portal to a patched version or implement input sanitization measures in the file /admin/admin_user.php to prevent the execution of XSS (Cross-Site Scripting) code. Validate and escape the input data from the Firstname, Lastname, and Username fields before displaying it on the page.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-0181 is a cross-site scripting vulnerability in the RRJ Nueva Ecija Engineer Online Portal versions 1.0-1.0, allowing attackers to inject malicious scripts.
If you are running RRJ Nueva Ecija Engineer Online Portal version 1.0 or 1.0, you are potentially affected by this vulnerability.
Upgrade to version 1.0.1 or later to resolve the vulnerability. Implement input validation and output encoding as a temporary workaround.
While no confirmed active exploitation campaigns have been reported, the public disclosure increases the risk of exploitation.
Refer to the vendor's official website or security advisories for the most up-to-date information regarding CVE-2024-0181.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.