Key Information

1. Vulnerability ID:
   - VDB-276261
   - CVE-2024-8366
2. Affected Software:
   - Code-Projects Pharmacy Management System 1.0
3. Affected File:
   -
4. Affected Component:
   - Update My Profile Page
5. Vulnerability Type:
   - Cross Site Scripting (XSS)
6. CVSS Meta Temp Score:
   - 4.1
7. Current Exploit Price:
   - $0-$5k
8. CTI Interest Score:
   - 2.89
9. Vulnerability Description:
   - The vulnerability exists in Code-Projects Pharmacy Management System 1.0, affecting the component in an unknown file. By inputting into the parameters, a Cross-Site Scripting (XSS) attack can be triggered. CWE classifies this issue as CWE-79. The product fails to properly handle or sanitize user-controlled input, resulting in output being sent as web content to other users, thereby compromising integrity.
10. Vulnerability Identification:
   - Identified by CVE-2024-8366
11. Exploit Difficulty:
   - Easy
12. Exploit Method:
   - Can be exploited remotely
   - Requires user interaction
   - Publicly disclosed with publicly available exploit tools
13. Technical Details:
   - Utilizes MITRE ATT&CK technique T1059.007
14. Vulnerability Nature:
   - Proof of Concept
15. Recommended Mitigation:
   - Replace the affected component
16. Related Vulnerability IDs:
   - VDB-205454
   - VDB-205455
   - VDB-221494
   - VDB-229155

Summary

This vulnerability is a Cross-Site Scripting (XSS) flaw located in the component of Code-Projects Pharmacy Management System 1.0. By injecting malicious input, an attacker can execute scripts in other users' browsers, compromising the integrity of the system. It is recommended to replace the affected component to remediate this vulnerability.