CVE-2024-5385

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-266303.

CVSS v3 2.4 LOW
CVSS v2.0 3.3 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:P/A:N

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?ctiid.266303	Permissions Required
https://vuldb.com/?id.266303	Third Party Advisory VDB Entry
https://vuldb.com/?submit.344504	Third Party Advisory VDB Entry
https://vuldb.com/?ctiid.266303	Permissions Required
https://vuldb.com/?id.266303	Third Party Advisory VDB Entry
https://vuldb.com/?submit.344504	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:online_car_wash_booking_system:1.0:*:*:*:*:*:*:*

History

30 Jul 2025, 16:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oretnom23:online_car_wash_booking_system:1.0:::::::*
References	~~() https://vuldb.com/?ctiid.266303 -~~	() https://vuldb.com/?ctiid.266303 - Permissions Required
References	~~() https://vuldb.com/?id.266303 -~~	() https://vuldb.com/?id.266303 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.344504 -~~	() https://vuldb.com/?submit.344504 - Third Party Advisory, VDB Entry
First Time		Oretnom23 online Car Wash Booking System Oretnom23

21 Nov 2024, 09:47

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?ctiid.266303 -~~	() https://vuldb.com/?ctiid.266303 -
References	~~() https://vuldb.com/?id.266303 -~~	() https://vuldb.com/?id.266303 -
References	~~() https://vuldb.com/?submit.344504 -~~	() https://vuldb.com/?submit.344504 -

28 May 2024, 12:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en oretnom23 Online Car Wash Booking System 1.0 y clasificada como problemática. Este problema afecta algún procesamiento desconocido del archivo /admin/?page=user/list. La manipulación del argumento Nombre/Apellido con la entrada conduce a cross site scripting. El ataque puede iniciarse de forma remota. El identificador asociado de esta vulnerabilidad es VDB-266303.

27 May 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-27 00:15

Updated : 2025-07-30 16:00

NVD link : CVE-2024-5385

Mitre link : CVE-2024-5385

CVE.ORG link : CVE-2024-5385

JSON object : View

Products Affected

oretnom23

online_car_wash_booking_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2024-5385

2.4^/10

3.3^/10

Attach tags to `CVE-2024-5385`