Cross Site Scripting Vulnerability in PHPGurukul Beauty Parlour Management System
CVE-2021-27544

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Beauty Parlour Management System
Vendor: CVE Published:; 15 April 2021

Summary

The Beauty Parlour Management System version 1.0 contains a Cross Site Scripting (XSS) vulnerability in the 'add-services.php' component, which allows remote attackers to inject arbitrary HTML and execute arbitrary code via the 'sername' parameter. This flaw can potentially compromise user data and lead to unauthorized access, emphasizing the necessity for prompt remedial actions.

References

https://packetstormsecurity.com/files/161468/Beauty-Parlo...

x_refsource_MISC

https://github.com/BigTiger2020/Beauty-Parlour-Management...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2021
Vulnerability Reserved
Feb 22, 2021