Description
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover.
References
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*
EPSS: 0.00135 (Low), percentile: 34%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-79
Related vulnerabilities
github (about 4 years ago), CVSS3: 8.8
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover.