Cross Site Scripting Vulnerability in Rail Pass Management System by DiliLearngent
CVE-2023-31935

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Rail Pass Management System
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-31935?

A Cross Site Scripting (XSS) vulnerability has been identified in version 1.0 of the Rail Pass Management System. This flaw allows remote attackers to exploit the 'email' parameter in the admin-profile.php file, potentially leading to the exposure of sensitive information. As a result, attackers may manipulate web sessions, capture user credentials, or execute unintended scripts within the context of users' browsers, thus compromising the application's security integrity.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Apr 29, 2023

PHPgurukul

What is CVE-2023-31935?

References

CVSS V3.1

Timeline