Platform: php
Component: cve_hub
Fixed version: 1.0.1
CVE-2024-0283 is a cross-site scripting (XSS) vulnerability affecting Kashipara Food Management System version 1.0 (the affected range is listed as 1.0 through 1.0). It allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. A fix is available in version 1.0.1, and the exploit has been publicly disclosed.
Successful exploitation of CVE-2024-0283 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including stealing session cookies, redirecting users to phishing sites, or defacing the application. The impact is particularly severe if the application handles sensitive data, as an attacker could potentially gain access to confidential information. The vulnerability's remote accessibility significantly expands the potential attack surface, as it can be exploited from anywhere with network access to the vulnerable system. While the CVSS score is LOW, the ease of exploitation and potential for session hijacking make it a significant risk.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. No KEV listing is currently available. Public proof-of-concept (PoC) code is likely to emerge given the vulnerability's nature and public disclosure. The NVD entry was published on 2024-01-07.
Organizations utilizing the Kashipara Food Management System, particularly those with publicly accessible instances, are at risk. Shared hosting environments where multiple users share the same server instance are especially vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• wordpress / composer / npm:
  grep -r "party_details.php" ./
• generic web:
  curl -I "http://your-website.com/party_details.php?party_name=<script>alert('XSS')</script>"
Exploitation status
EPSS: 0.07% (22nd percentile)
CVSS vector
The primary mitigation for CVE-2024-0283 is to upgrade to version 1.0.1 of the Kashipara Food Management System. If upgrading is not immediately feasible, implement input validation and output encoding on the party_name parameter in party_details.php; this prevents injected markup from being rendered as script. Web application firewalls (WAFs) configured to detect and block XSS attacks can provide an additional layer of protection. Regularly review and update input sanitization routines to prevent similar vulnerabilities from arising in the future. After upgrading, confirm the fix by testing the party_details.php page with a range of inputs, including ones containing XSS payloads, and checking that they are rendered as inert text.
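The validation and output encoding recommended above, as an added example that is not the Kashipara project's code: a hardened PHP handler for the party_name parameter of party_details.php. The file name and parameter come from this advisory; the function names, the allowlist pattern, and the Content-Security-Policy header are assumptions made for the example.

```php
<?php
// Added example (not code from the Kashipara project): a hardened
// handler for the party_name query parameter of party_details.php.
// The file name and parameter come from the advisory; the function
// names, the allowlist pattern and the CSP header are assumptions.

declare(strict_types=1);

/**
 * Server-side validation of party_name. Returns null when the value is
 * missing or contains characters outside the allowed set.
 * The policy (letters, digits, spaces, and a few punctuation marks,
 * 1 to 64 characters) is an assumed policy for this example.
 */
function validate_party_name(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    if ($value === '' || !preg_match('/^[\p{L}\p{N} .,\'&-]{1,64}$/u', $value)) {
        return null;
    }
    return $value;
}

/**
 * Output encoding for an HTML text context: <, >, &, " and ' become
 * entities, so a value such as <script>alert(1)</script> is displayed
 * as literal text instead of being executed by the browser.
 */
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// --- Vulnerable pattern (the kind of code the advisory describes; do not use) ---
// echo "<h2>Details for " . $_GET['party_name'] . "</h2>";

// --- Hardened handler ---
header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: a CSP that disallows inline scripts limits the impact
// if an encoding step is ever missed elsewhere in the application.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");

$partyName = validate_party_name($_GET['party_name'] ?? null);

if ($partyName === null) {
    http_response_code(400);
    echo '<p>Invalid or missing party name.</p>';
    exit;
}

// Validation alone is not the XSS fix; the value is still encoded on output.
echo '<h2>Details for ' . html_text($partyName) . '</h2>';
```

To try it locally, save the block as party_details.php, run `php -S 127.0.0.1:8080` in that directory, and request it with a party_name containing markup: the allowlist rejects it with a 400, and if the allowlist is loosened, htmlspecialchars still renders the markup as visible text rather than as script.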
Update Kashipara Food Management System to a patched version that fixes the XSS vulnerability in party_details.php. If no such version is available, review and filter the input to the party_name parameter to prevent injection of malicious code. Implement server-side data validation and sanitization to prevent XSS attacks.
CVE-2024-0283 is a cross-site scripting (XSS) vulnerability in Kashipara Food Management System versions 1.0–1.0, allowing attackers to inject malicious scripts.
You are affected if you are using Kashipara Food Management System version 1.0 (the affected range is listed as 1.0 through 1.0). Upgrade to 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. If immediate upgrade is not possible, implement input validation and output encoding on the party_name parameter.
While active exploitation is not confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the vendor's website or security advisories for the official advisory regarding CVE-2024-0283.