Lucene search

K
cve[email protected]CVE-2023-36375
HistoryJul 10, 2023 - 5:15 p.m.

CVE-2023-36375

2023-07-1017:15:09
CWE-79
web.nvd.nist.gov
17
cve-2023-36375
cross site scripting
hostel management system
remote code execution
security vulnerability.

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

48.3%

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

Affected configurations

NVD
Node
phpgurukulhostel_management_systemMatch2.1
VendorProductVersionCPE
phpgurukulhostel_management_system2.1cpe:/a:phpgurukul:hostel_management_system:2.1:::

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

48.3%

Related for CVE-2023-36375