Platform: php
Component: online-job-portal
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Online Job Portal version 1.0. The flaw allows attackers to inject scripts into the application, potentially compromising user accounts and data. It resides in the 'Manage Walkin Page' component, specifically the /Employer/ManageWalkin.php file. A fix is available in version 1.0.1.
Successful exploitation of CVE-2024-1919 allows an attacker to execute arbitrary JavaScript in the context of a user's browser session. This can lead to session hijacking, credential theft, and defacement of the job portal. An attacker could craft a link containing the XSS payload and send it to unsuspecting users, triggering the script when the page is opened. The blast radius extends to all users of the affected Online Job Portal instance, particularly those interacting with the 'Manage Walkin' functionality.
This vulnerability has been publicly disclosed and a proof-of-concept may be available. The CVSS score of 3.5 (LOW) indicates a limited impact and exploitability. It is not currently listed on CISA KEV. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability.
Exploit Status:
EPSS: 0.14% (34th percentile)
CVSS Vector:
The primary mitigation for CVE-2024-1919 is to upgrade to version 1.0.1 of SourceCodester Online Job Portal immediately. If upgrading is not immediately feasible, implement input validation and output encoding for the 'Job Title' parameter in the /Employer/ManageWalkin.php file so that user-supplied data is never written into the page unencoded. A web application firewall (WAF) configured to detect and block XSS payloads can provide a temporary additional layer of protection. Regularly review and update security configurations to minimize the attack surface.
Update to a patched version or implement proper validation and sanitization of user inputs in the ManageWalkin.php file, especially in the Job Title field, to prevent XSS code injection. Review the source code to identify and fix other potential XSS vulnerabilities.
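The validation-plus-output-encoding mitigation described above, as an added illustration that is not SourceCodester's code: the request field name 'jobtitle', the helper names, and the length limit are assumptions, and the sample input is constructed.

```php
<?php
// Added example (not the project's code): hardened handling of the
// 'Job Title' value on a ManageWalkin-style page. The field name
// 'jobtitle', the 120-character cap and the helper names are assumptions.
declare(strict_types=1);

/**
 * Validate a job title before it is stored or displayed: non-empty,
 * bounded length, no control characters. Returns null to reject.
 * Markup is not rejected here; output encoding neutralises it regardless.
 */
function validateJobTitle(string $raw): ?string
{
    $title = trim($raw);
    if ($title === '' || mb_strlen($title, 'UTF-8') > 120) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $title) === 1) {
        return null;
    }
    return $title;
}

/** Encode a value for an HTML text node or a double-quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input standing in for a submitted form value.
$incoming = $_POST['jobtitle'] ?? 'PHP Developer <script>alert(1)</script>';

$title = validateJobTitle($incoming);
if ($title === null) {
    http_response_code(400);
    exit('Invalid job title');
}

// Vulnerable pattern (the defect class the advisory describes):
//   echo "<td>$title</td>";
// Hardened: every interpolation, in text and in attributes, goes through h().
echo '<td>' . h($title) . '</td>' . "\n";
echo '<input type="text" name="jobtitle" value="' . h($title) . '">' . "\n";
```

Encoding at output time protects the rendered page even if a stored value was saved before the fix; validation alone does not, since a browser interprets whatever reaches the HTML unencoded.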
CVE-2024-1919 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Online Job Portal version 1.0, allowing attackers to inject scripts via the 'Job Title' parameter.
You are affected if you are using SourceCodester Online Job Portal version 1.0. Check your version and upgrade immediately.
Upgrade to version 1.0.1. If immediate upgrade is not possible, implement input validation and output encoding on the 'Job Title' parameter.
While there's no confirmed active exploitation, the vulnerability has been publicly disclosed and a proof-of-concept may be available, increasing the risk.
Refer to SourceCodester's official website or security advisories for updates and information regarding CVE-2024-1919.