AttackerKB AKB:3946FBD1-08DB-4CF4-A269-C80337F21947
History: Jan 07, 2020 - 12:00 a.m.

CVE-2020-5308

2020-01-07 00:00:00
attackerkb.com
EPSS: 0.022 (Low)

Percentile: 89.5%

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.

Recent assessments:

cinzinga at March 09, 2020 9:33pm UTC reported:

I am the author of this vulnerability. This is a stored cross-site scripting vulnerability. It could be paired with CVE-2020-5307, which is an unauthenticated SQL injection, to obtain login credentials, then plant the stored XSS payload.

Blog post: <https://cinzinga.github.io/CVE-2020-5307-5308/>

Assessed Attacker Value: 1
Assessed Attacker Value: 3

