Platform: php
Component: cve_hub
Fixed in: 1.0.1
CVE-2024-0282 is a cross-site scripting (XSS) vulnerability affecting Kashipara Food Management System version 1.0. It allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. A fix is available in version 1.0.1, and users are strongly encouraged to upgrade immediately.
Successful exploitation of CVE-2024-0282 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious outcomes, including stealing user credentials, redirecting users to phishing sites, or defacing the application's interface. The vulnerability resides in the addmaterialsubmit.php file, specifically within the handling of the tin parameter. The attacker can manipulate this parameter to inject malicious code that will be executed when a user views the affected page. Given the public disclosure of this exploit, the risk of immediate exploitation is elevated.
CVE-2024-0282 has been publicly disclosed, increasing the likelihood of exploitation. The vulnerability is rated as LOW severity according to CVSS. Public proof-of-concept exploits are likely available, making it relatively easy for attackers to leverage this vulnerability. The vulnerability was published on 2024-01-07. It is not currently listed on CISA KEV.
EPSS: 0.09% (26th percentile)
The primary mitigation for CVE-2024-0282 is to upgrade Kashipara Food Management System to version 1.0.1 or later, which contains the fix. If upgrading is not immediately feasible, implement input validation and sanitization on the 'tin' parameter within addmaterialsubmit.php to prevent the injection of malicious scripts. A web application firewall (WAF) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, verify the fix by submitting a simple XSS payload (e.g., <script>alert('XSS')</script>) through the 'tin' parameter and confirming that it is rendered as inert text rather than executed.
Update Kashipara Food Management System to a version later than 1.0, if available, that fixes the XSS vulnerability in addmaterialsubmit.php. If no update is available, it is recommended to disable or remove the system until a solution is published. As a temporary measure, thorough validation and sanitization of the 'tin' input in addmaterialsubmit.php can be implemented to prevent malicious code injection.
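The interim measure described above (validate the 'tin' input, then encode it before it is rendered) as an added example. This is not the project's own addmaterialsubmit.php; the field's accepted format, the output context and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from Kashipara Food Management System. The accepted
// TIN format (letters, digits, hyphens, 1-32 characters) and the HTML table
// cell as output context are assumptions.
declare(strict_types=1);

// Allow-list validation: anything outside the expected shape is rejected
// before it is stored or rendered, so markup never enters the data path.
function validate_tin(string $raw): ?string
{
    $tin = trim($raw);
    return preg_match('/^[A-Za-z0-9-]{1,32}$/', $tin) === 1 ? $tin : null;
}

// Context-aware output encoding for an HTML text node or quoted attribute.
// Even a value that slipped past validation cannot break out of its context.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// The defect pattern the advisory describes: the parameter is reflected
// into the page with neither validation nor encoding (assumed shape).
function render_unsafe(array $request): string
{
    return '<td>' . ($request['tin'] ?? '') . '</td>';
}

// Hardened pattern: validate on input, encode on output, fail closed.
function render_safe(array $request): string
{
    $tin = validate_tin((string)($request['tin'] ?? ''));
    if ($tin === null) {
        // Reject rather than "clean up" the value; log the attempt if desired.
        return '<td class="error">Invalid material identifier.</td>';
    }
    return '<td>' . html_escape($tin) . '</td>';
}

// Constructed sample requests: one benign value and one carrying markup.
$benign  = ['tin' => 'MAT-2024-0017'];
$hostile = ['tin' => '<script>alert(1)</script>'];

echo render_safe($benign) . PHP_EOL;   // identifier passes through unchanged
echo render_safe($hostile) . PHP_EOL;  // rejected by the allow-list
echo html_escape($hostile['tin']) . PHP_EOL; // encoding alone also neutralises it
```

In the real handler the escaped value, not the raw request parameter, must be the only thing that reaches the template, and validation should run server-side before the record is written to the database.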
CVE-2024-0282 is a cross-site scripting (XSS) vulnerability in Kashipara Food Management System version 1.0, allowing attackers to inject malicious scripts via the 'tin' parameter in addmaterialsubmit.php.
You are affected if you are using Kashipara Food Management System version 1.0. Upgrade to version 1.0.1 or later to mitigate the risk.
Upgrade to Kashipara Food Management System version 1.0.1 or later. As a temporary measure, implement input validation and sanitization on the 'tin' parameter.
Due to the public disclosure of the exploit, there is a high probability that CVE-2024-0282 is being actively exploited.
Unfortunately, a direct link to the official advisory is not available. Consult the vendor's website or security mailing lists for updates.