PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
Recent assessments:
cinzinga at March 09, 2020 9:33pm UTC reported:
I am the author of this vulnerability. This is a stored cross-site scripting vulnerability. It could be paired with CVE-2020-5307, which is an unauthenticated SQL injection, to obtain login credentials, then plant the stored XSS payload.
Blog post: <https://cinzinga.github.io/CVE-2020-5307-5308/>
Assessed Attacker Value: 1
Assessed Attacker Value: 3