Arbitrary Code Execution via XSS in Lost and Found Information System 1.0

Arbitrary Code Execution via XSS in Lost and Found Information System 1.0

CVE-2023-36159 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

Learn more about our User Device Pen Test.