PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting
CVE-2023-0563

4.8MEDIUM

Key Information:

Vendor
PHPGurukul
Status
Bank Locker Management System
Vendor
CVE Published:
28 January 2023

Summary

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.

Affected Version(s)

Bank Locker Management System 1.0

References

https://vuldb.com/?id.219717
vdb-entrytechnical-description
https://vuldb.com/?ctiid.219717
signaturepermissions-required
https://github.com/ctflearner/Vulnerability/blob/main/Ban...
exploit

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Affan (VulDB User)
.