Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System
CVE-2020-10107

5.4MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Daily Expense Tracker System
Vendor
CVE Published:
5 March 2020

Summary

The PHPGurukul Daily Expense Tracker System 1.0 contains a stored XSS vulnerability, primarily affecting the parameters ExpenseItem and ExpenseCost within manage-expense.php. This flaw allows attackers to inject malicious scripts into the web application, which can subsequently execute in the context of a user's browser, potentially compromising sensitive data and user sessions.

References

https://frostylabs.net/writeups/cve-2020-10107/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.