Platform: php
Component: cve_hub
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability, rated problematic, has been identified in Campcodes Online Job Finder System versions 1.0 through 1.0. The flaw is located in the file /admin/vacancy/index.php: manipulating the 'view' argument allows an attacker to inject script into the page. The vulnerability has been publicly disclosed, and a patch is available in version 1.0.1.
Successful exploitation of CVE-2024-2679 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Online Job Finder System. This can lead to various malicious outcomes, including session hijacking, credential theft, and defacement of the administrative interface. An attacker could potentially gain unauthorized access to sensitive data or perform actions on behalf of an administrator. The impact is particularly concerning given the administrative context of the affected file.
This vulnerability has been publicly disclosed and a proof-of-concept may be available. The CVSS severity is LOW and the EPSS score is low, which together indicate a low probability of exploitation in the wild, but the administrative context of the affected file increases the potential impact if it is exploited. The vulnerability was published on 2024-03-20. It is tracked in the VDB as VDB-257379.
Exploit Status
EPSS: 0.08% (24th percentile)
The primary mitigation for CVE-2024-2679 is to immediately upgrade to version 1.0.1 of Campcodes Online Job Finder System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the 'view' parameter within the /admin/vacancy/index.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the 'view' parameter and verifying that it is properly sanitized.
Update to a patched version of the Online Job Finder System. If no version is available, it is recommended to sanitize the inputs of the 'view' parameter in the file /admin/vacancy/index.php to prevent XSS (Cross-Site Scripting) code execution.
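The two interim controls recommended above, validating the 'view' parameter and encoding it on output, are shown side by side with the pattern that creates the risk in the following PHP example. This is an added illustration, not code from the Online Job Finder System; the function names, the assumed list of valid view names ('all', 'open', 'closed') and the sample input are all constructed for the example. The final helper performs the post-upgrade check described above: it confirms that markup supplied in the parameter never reaches the rendered page unencoded.

```php
<?php
// Added example (not the project's own code). Shows why reflecting an
// unvalidated 'view' parameter is dangerous and how to harden it.
// Function names and the allowlist of view names are assumptions.

declare(strict_types=1);

// Hypothetical vulnerable pattern: the raw query parameter is concatenated
// straight into HTML, so any markup the client sends is rendered as markup.
function renderViewUnsafe(array $query): string
{
    $view = $query['view'] ?? '';
    return '<h2>Vacancies: ' . $view . '</h2>';
}

// Control 1: allowlist. Only the view names the page actually supports
// (assumed values) are accepted; anything else falls back to the default
// instead of being reflected.
const ALLOWED_VIEWS = ['all', 'open', 'closed'];

function resolveView(array $query): string
{
    $view = $query['view'] ?? 'all';
    // A non-string (e.g. view[]=...) or an unknown value is never echoed back.
    if (!is_string($view) || !in_array($view, ALLOWED_VIEWS, true)) {
        return 'all';
    }
    return $view;
}

// Control 2: context-aware output encoding for every value placed in HTML,
// even after validation, so a future change to the allowlist stays safe.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderViewSafe(array $query): string
{
    return '<h2>Vacancies: ' . h(resolveView($query)) . '</h2>';
}

// Post-upgrade check: returns true when the parameter value, if it carried
// any HTML-significant characters, does not appear verbatim in the output.
function isOutputSanitized(string $html, string $input): bool
{
    if (strpbrk($input, '<>"\'') === false) {
        return true; // plain value, nothing that needed encoding
    }
    return strpos($html, $input) === false;
}

// Constructed sample input: harmless markup, enough to show the difference.
$sample = ['view' => '<i>demo</i>'];

echo renderViewUnsafe($sample), PHP_EOL; // markup is reflected unchanged
echo renderViewSafe($sample), PHP_EOL;   // falls back to 'all'; markup never reaches the page

foreach (['unsafe' => renderViewUnsafe($sample), 'safe' => renderViewSafe($sample)] as $label => $html) {
    echo $label, ': ', isOutputSanitized($html, $sample['view']) ? 'sanitized' : 'NOT sanitized', PHP_EOL;
}
```

Run with `php example.php`. The allowlist is the stronger of the two controls for a parameter like 'view', which selects among a fixed set of pages; output encoding remains in place as defence in depth for any value that is later allowed to contain free text. For a WAF or log-based detection, the same check applies: a request whose 'view' value contains HTML-significant characters is one the application should never accept, so it is a reasonable signal to alert on.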
CVE-2024-2679 is a cross-site scripting (XSS) vulnerability affecting Campcodes Online Job Finder System versions 1.0–1.0, allowing attackers to inject malicious scripts via the /admin/vacancy/index.php file.
You are affected if you are running Campcodes Online Job Finder System versions 1.0–1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 of Campcodes Online Job Finder System. As a temporary workaround, implement input validation and output encoding on the 'view' parameter.
While the CVSS score is LOW, the vulnerability has been publicly disclosed, and exploitation is possible. Monitor your systems for suspicious activity.
Refer to the Campcodes website or relevant security advisories for the official advisory regarding CVE-2024-2679.