Unrated severity · NVD Advisory · Published Aug 31, 2024 · Updated Sep 3, 2024

code-projects Pharmacy Management System Update My Profile Page index.php cross site scripting

CVE-2024-8366

Description

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in code-projects Pharmacy Management System 1.0 via fname, lname, email parameters on the Update My Profile page.

Vulnerability

The Pharmacy Management System version 1.0 from code-projects [1] contains a reflected cross-site scripting (XSS) vulnerability in the file /index.php?id=userProfileEdit of the "Update My Profile" page. The fname, lname, and email parameters are not sanitized, allowing injection of arbitrary HTML/JavaScript.

Exploitation

An unauthenticated remote attacker can craft a malicious URL containing script payloads in the fname, lname, or email parameters. The victim must click the link to trigger the XSS. The attack requires no authentication or special privileges.

Impact

Successful exploitation leads to execution of attacker-controlled JavaScript in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information visible on the page.

Mitigation

As of the publication date, no official fix has been released. Users should consider implementing input sanitization for the affected parameters or disabling the profile edit functionality until a patch is available. The software vendor (code-projects) has not announced a patched version.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
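
The following PHP example is added here and is not code from the affected application or from code-projects. It shows the input validation suggested under Mitigation together with HTML output encoding when the profile form is rendered. The function names, length limits and name-character policy are assumptions; only the fname, lname and email field names and the index.php?id=userProfileEdit path come from the advisory.

```php
<?php
declare(strict_types=1);
// Helper names and the validation policy are hypothetical; the application's code is not on the page.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate fname, lname and email; returns [accepted values, names of rejected fields]. */
function validateProfile(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (['fname', 'lname', 'email'] as $field) {
        $raw = $input[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';   // array-valued parameters are rejected
        if ($field === 'email') {
            $ok = strlen($value) <= 254 && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        } else {
            // Assumed policy: letters, combining marks, space, apostrophe, hyphen; 1 to 50 characters.
            $ok = preg_match('/^[\p{L}\p{M}\' -]{1,50}$/u', $value) === 1;
        }
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

/** Render the edit form; every dynamic value passes through h() at output time. */
function renderProfileForm(array $values): string
{
    $html = '<form method="post" action="index.php?id=userProfileEdit">';
    foreach (['fname', 'lname', 'email'] as $field) {
        $raw = $values[$field] ?? '';
        $html .= sprintf('<input name="%s" value="%s">', $field, h(is_string($raw) ? $raw : ''));
    }
    return $html . '<button type="submit">Save</button></form>';
}

// Constructed sample input: one plain value and two values carrying markup.
$sample = ['fname' => 'Ana', 'lname' => '"><b>x</b>', 'email' => 'a@example.test<i>'];
[$clean, $errors] = validateProfile($sample);
echo 'rejected: ', implode(', ', $errors), PHP_EOL;
echo renderProfileForm($sample), PHP_EOL; // markup stays inert even when re-displaying rejected input
```

Validation narrows what the application accepts and stores; the encoding in h() is what keeps the browser from parsing a reflected value as markup.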

Affected products

2

Patches

0

No patches discovered yet.

References

4
