Stored Cross-Site Scripting in Bus Pass Management System by Abhiunix
CVE-2021-44317

5.4MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Bus Pass Management System
Vendor: CVE Published:; 16 December 2021

Summary

The Bus Pass Management System version 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability affecting the 'pagedes' and 'About Us' parameters. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to user data compromise and session hijacking. Proper input validation and security measures should be implemented to mitigate this risk.

References

https://github.com/abhiunix/Bus-Pass-Management-System-v1...

x_refsource_MISC

https://github.com/abhiunix/Bus-Pass-Management-System-v1...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2021
Vulnerability Reserved
Nov 29, 2021