CVE-2024-35582

MEDIUM

Sourcecodester Laboratory Management System 1.0 - Stored Cross-Site Scripting via Department Input Field

Title source: llm

Description

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.

References (3)

Core 3

Core References

Exploit, Technical Description

https://github.com/r04i7/CVE/blob/main/CVE-2024-35582.md

View Exploit ZIP pw:eip

Not Applicable

https://owasp.org/www-community/attacks/xss/

Not Applicable

https://portswigger.net/web-security/cross-site-scripting/stored

Scores

CVSS v3 6.1

EPSS 0.0053

EPSS Percentile 67.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

oretnom23/computer_laboratory_management_system 1.0

Published May 28, 2024

Tracked Since Feb 18, 2026