CVE-2021-43137

2021-12-0119:14:50

mitre

www.cve.org

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

References

www.exploit-db.com/exploits/50461