Key Information

1. Vulnerability ID:
   - VDB-286412
   - CVE-2024-11996

2. Vulnerability Name:
   - Code-Projects Farmacia 1.0 /editar-fornecedor.php Cidade Cross Site Scripting

3. CVSS Meta Temp Score:
   - 5.3

4. Current Exploit Price:
   - $0-$5k

5. CTI Interest Score:
   - 1.50

6. Affected File:
   - /editar-fornecedor.php

7. Issue Description:
   - The vulnerability exists in Code-Projects Farmacia 1.0 and affects the file /editar-fornecedor.php; the affected function is unknown. Manipulating the parameter Cidade with unknown input can lead to a Cross-Site Scripting (XSS) attack. The issue is classified as CWE-79: the product does not neutralize, or neutralizes incorrectly, user-controllable input before it is placed in output that is served to other users.

8. Vulnerability Type:
   - Cross Site Scripting (XSS)

9. Impact:
   - Integrity

10. Exploitability:
    - Publicly disclosed and potentially exploitable.
    - Successful exploitation requires user interaction.
    - Technical details and public exploits are known.
    - MITRE ATT&CK categorizes the attack technique as T1059.007.

11. Exploitation Method:
    - Exploitation method is publicly available and vulnerable targets can be identified via Google Hacking.

12. Recommended Mitigation:
    - Replace the affected component.

13. Related Vulnerability IDs:
    - VDB-241608, VDB-284680, VDB-284681, VDB-284682

Summary

This vulnerability is a Cross-Site Scripting (XSS) flaw affecting the file /editar-fornecedor.php in Code-Projects Farmacia 1.0. It is triggered by manipulating the parameter Cidade through user input, leading to XSS. The exploitation method is publicly disclosed, and replacing the affected component is the recommended mitigation.
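As an added illustration of the CWE-79 pattern named above (hypothetical code, not the Farmacia project's own source, which is not on this page), the following PHP contrasts an edit-supplier form that reflects the cidade field into an HTML attribute unencoded with one that neutralizes it before output; the field name is the only detail borrowed from the advisory.

```php
<?php
// Hypothetical reconstruction of the weakness class in the advisory.
// Neither function is taken from Code-Projects Farmacia.

// CWE-79 pattern: the request value is written straight into the response.
// Any double quote in the value terminates the attribute, so markup that
// follows it becomes part of the page seen by the next user.
function render_cidade_vulnerable(array $request): string
{
    $cidade = $request['cidade'] ?? '';
    return '<input type="text" name="cidade" value="' . $cidade . '">';
}

// Hardened form: encode for the HTML attribute context before output.
// ENT_QUOTES covers both quote styles; the charset must match the page encoding.
function render_cidade_safe(array $request): string
{
    $cidade = $request['cidade'] ?? '';
    $encoded = htmlspecialchars($cidade, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="cidade" value="' . $encoded . '">';
}

// Constructed sample input: a benign city name and a value that carries
// HTML metacharacters, used here only to show that they are neutralized.
$samples = [
    ['cidade' => 'São Paulo'],
    ['cidade' => 'x"><b>marker</b>'],
];
foreach ($samples as $req) {
    echo render_cidade_safe($req), PHP_EOL;
}
```

A quick check for this class of defect is to diff the two renderings for the second sample: the encoded output contains no literal `"`, `<` or `>` from the request, so the attribute boundary stays intact.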