CVE-2023-3165

LOW

SourceCodester Life Insurance Management System 1.0 - XSS

Title source: llm

Description

A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability.

References (3)

Core 3

Core References

Permissions Required vdb-entry technical-description

https://vuldb.com/?id.231109

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.231109

Exploit exploit

https://github.com/Hanwengao/CVERequests/blob/main/XSS.md

View Exploit ZIP pw:eip

Scores

CVSS v3 3.5

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

janobe/life_insurance_management_system 1.0

Published Jun 08, 2023

Tracked Since Feb 18, 2026