cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7942,https://securityvulnerability.io/vulnerability/CVE-2024-7942,Cross Site Scripting Vulnerability in Leads Manager Tool 1.0,"A cross site scripting vulnerability has been identified in the SourceCodester Leads Manager Tool 1.0, specifically affecting the update-leads.php file. This vulnerability allows attackers to manipulate the phone_number argument, leading to potential remote exploitation. The publicly disclosed exploit could enable threat actors to execute arbitrary scripts in the context of the user's browser session, posing various security risks, including data theft and session hijacking. Users of the affected product should take immediate steps to protect their applications by applying relevant security fixes or upgrading to secure versions.",Sourcecodester,Leads Manager Tool,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-20T00:15:00.000Z,true,false,false,,2024-08-20T01:15:00.000Z,0
CVE-2024-7643,https://securityvulnerability.io/vulnerability/CVE-2024-7643,SQL Injection Vulnerability in SourceCodester Leads Manager Tool,"A significant SQL injection vulnerability has been identified in the SourceCodester Leads Manager Tool, specifically affecting version 1.0. This flaw arises from inadequate input validation in the Delete Leads Handler functionality, located at /endpoint/delete-leads.php. By manipulating the 'leads' parameter, an attacker can execute arbitrary SQL queries against the database, potentially compromising sensitive data and the overall security of the application. This vulnerability can be exploited remotely, making it critical for users to apply necessary updates or implement mitigations to secure their systems against potential attacks. For more details, refer to the advisory and recommended fixes.",Sourcecodester,Leads Manager Tool,9.8,CRITICAL,0.0013800000306218863,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7644,https://securityvulnerability.io/vulnerability/CVE-2024-7644,Cross Site Scripting Vulnerability in Leads Manager Tool 1.0,"A cross-site scripting vulnerability has been identified in the SourceCodester Leads Manager Tool version 1.0. The flaw resides in the add-leads.php file, where manipulation of the 'leads_name' and 'phone_number' parameters may allow an attacker to execute arbitrary JavaScript code in the context of a user's session. This vulnerability can be exploited remotely, potentially enabling attackers to trick users into executing malicious scripts. Given the nature of the vulnerability, it raises significant concerns regarding the security and integrity of user data.",Sourcecodester,Leads Manager Tool,5.4,MEDIUM,0.0007600000244565308,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0