Description
Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.
Vulnerable configurations
Configuration 1
cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*
EPSS: 0.00033 (Low)
Percentile: 9%
CVSS3: 8.7 High
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 8.7
github
about 1 month ago
Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.