Cross Site Scripting Vulnerability in Employee Record Management System by PHP Gurukul
CVE-2021-37781

5.4MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Employee Record Management System
Vendor: CVE Published:; 28 October 2022

Summary

The Employee Record Management System version 1.2 is susceptible to Cross Site Scripting (XSS) attacks via the editempprofile.php file. This vulnerability can allow an attacker to inject malicious scripts into web pages that are viewed by other users. If successfully exploited, it could lead to unauthorized actions, data theft, or compromised user sessions.

References

https://phpgurukul.com/employee-record-management-system-...

https://github.com/BigTiger2020/Employee-Record-Managemen...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Aug 2, 2021