Cross-Site Scripting Vulnerability in Dairy Farm Shop Management System by PHPGurukul
CVE-2020-5308

6.1MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Dairy Farm Shop Management System
Vendor
CVE Published:
9 January 2020

Summary

The Dairy Farm Shop Management System version 1.0 from PHPGurukul is susceptible to Cross-Site Scripting (XSS) attacks. This vulnerability arises from improper handling of user-supplied input in various parameters such as 'category', 'CategoryCode' in add-category.php, 'CompanyName' in add-company.php, and 'ProductName' in add-product.php. Attackers can exploit this flaw to inject malicious scripts, potentially compromising the integrity of user interactions and exposing sensitive data.

References

https://phpgurukul.com/dairy-farm-shop-management-system-...
x_refsource_MISC
http://packetstormsecurity.com/files/155861/Dairy-Farm-Sh...
x_refsource_MISC
https://cinzinga.github.io/CVE-2020-5307-5308/
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.