Lucene search

[email protected]CVE-2023-36375

HistoryJul 10, 2023 - 5:15 p.m.

CVE-2023-36375

2023-07-1017:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-36375

cross site scripting

hostel management system

remote code execution

security vulnerability.

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

Affected configurations

NVD

Node

phpgurukulhostel_management_systemMatch2.1

VendorProductVersionCPE
phpgurukulhostel_management_system2.1cpe:/a:phpgurukul:hostel_management_system:2.1:::

Vendor	Product	Version	CPE
phpgurukul	hostel_management_system	2.1	cpe:/a:phpgurukul:hostel_management_system:2.1:::

References

medium.com/%40ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc

packetstormsecurity.com