Lucene search

[email protected]CVE-2023-33580

HistoryJun 26, 2023 - 4:15 p.m.

CVE-2023-33580

2023-06-2616:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-33580

nvd

security

xss

vulnerability

phpgurukul student study center management system

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.7%

JSON

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the “Admin Name” field on Admin Profile page.

Affected configurations

NVD

Node

phpgurukulstudent_study_center_management_systemMatch1.0

CPENameOperatorVersion
phpgurukul:student_study_center_management_systemphpgurukul student study center management systemeq1.0

CPE	Name	Operator	Version
phpgurukul:student_study_center_management_system	phpgurukul student study center management system	eq	1.0

References

packetstormsecurity.com/files/173030/Student-Study-Center-Management-System-1.0-Cross-Site-Scripting.html

github.com/sudovivek/My-CVE/blob/main/CVE-2023-33580_exploit.md

phpgurukul.com/student-study-center-management-system-using-php-and-mysql/

www.exploit-db.com/exploits/51528