Cross Site Scripting Vulnerability in Phpgurukul Park Ticketing Management System
CVE-2023-26958

4.8MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Park Ticketing Management System
Vendor
CVE Published:
27 March 2023

Summary

The Park Ticketing Management System 1.0 developed by Phpgurukul is susceptible to a Cross Site Scripting (XSS) attack through the Admin Name parameter. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and sensitive information. Proper validation and sanitization of input data are essential to mitigate this risk.

References

https://medium.com/%40shiva.infocop/stored-xss-park-ticke...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.