Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System
CVE-2021-26303

6.1MEDIUM

Key Information:

Vendor

PHPgurukul
Status
Daily Expense Tracker System
Vendor
CVE Published:
29 January 2021

What is CVE-2021-26303?

The PHPGurukul Daily Expense Tracker System version 1.0 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via the 'Full Name' field in the user profile section. This flaw can lead to unauthorized actions on behalf of legitimate users or exposure of sensitive information. Proper validation and sanitization of user input are essential to mitigate this risk.

References

https://packetstormsecurity.com/files/161114/Daily-Expens...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.