CVE-2024-12783

LOW

Vehicle Management System 1.0 - Cross-Site Scripting via billaction.php Extra-Cost Parameter

Title source: llm

Description

A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Product product

https://itsourcecode.com/

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.288959

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.288959

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.462628

Exploit, Third Party Advisory exploit

https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20billaction.php%20has%20Cross-site%20Scripting%20(XSS).pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 3.5

EPSS 0.0024

EPSS Percentile 47.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

angeljudesuarez/vehicle_management_system 1.0

Published Dec 19, 2024

Tracked Since Feb 18, 2026