Hostel Management System Security Vulnerabilities
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
5.4CVSS
5.2AI Score
0.002EPSS
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
9.8CVSS
9.7AI Score
0.003EPSS
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
8.8CVSS
8.2AI Score
0.001EPSS
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
6.1CVSS
6.1AI Score
0.0005EPSS
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
6.1CVSS
6AI Score
0.001EPSS
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
5.4CVSS
5.7AI Score
0.001EPSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
4.8CVSS
4.9AI Score
0.001EPSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
6.1CVSS
5.8AI Score
0.002EPSS