PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting
CVE-2023-0563

4.8MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Bank Locker Management System
Vendor: CVE Published:; 28 January 2023

Summary

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.

Affected Version(s)

Bank Locker Management System 1.0

References

https://vuldb.com/?id.219717

vdb-entrytechnical-description

https://vuldb.com/?ctiid.219717

signaturepermissions-required

https://github.com/ctflearner/Vulnerability/blob/main/Ban...

exploit

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2023
Vulnerability Reserved
Jan 28, 2023

Collectors

NVD DatabaseMitre Database

Credit

Affan (VulDB User)