exploitDog

CVE-2023-36375

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

Ссылки

https://medium.com/@ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc
https://packetstormsecurity.com
Mitigation
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/50628
https://medium.com/%40ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc
Exploit
Third Party Advisory
https://packetstormsecurity.com
Mitigation
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0058

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j94g-69xw-xx5q

CVSS3: 5.4

github

больше 2 лет назад

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

EPSS

Процентиль: 68%

0.0058

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79