Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System
CVE-2021-26303
6.1MEDIUM
Summary
The PHPGurukul Daily Expense Tracker System version 1.0 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via the 'Full Name' field in the user profile section. This flaw can lead to unauthorized actions on behalf of legitimate users or exposure of sensitive information. Proper validation and sanitization of user input are essential to mitigate this risk.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved