CVE-2024-4974

LOW

Simple Chat System 1.0 - XSS

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264540.

References (4)

[Exploit, Third Party Advisory] https://github.com/BurakSevben/CVEs/blob/main/Simple%20Chat%20App/Simple%20Chat%20App%20-%20Cross-Site-Scripting-1.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.264540

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.264540

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.335205

Scores

CVSS v3 3.5

EPSS 0.0012

EPSS Percentile 30.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

code-projects/simple_chat_system

Timeline

Published May 16, 2024

Tracked Since Feb 18, 2026