Cross Site Scripting Vulnerability in PHPGurukul Online Fire Reporting System
CVE-2023-36940

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Online Fire Reporting System
Vendor: CVE Published:; 10 July 2023

Summary

A Cross Site Scripting (XSS) vulnerability exists in the PHPGurukul Online Fire Reporting System, version 1.2. This security flaw allows malicious actors to inject arbitrary code into the application via a maliciously crafted payload entered into the search field. If successfully exploited, this vulnerability could lead to unauthorized actions being executed within the browser context of users, posing significant risks to data integrity and confidentiality. Organizations utilizing this system are urged to implement security measures to mitigate potential exploitation.

References

https://packetstormsecurity.com

https://medium.com/%40ridheshgohil1092/cve-2023-36940-xss...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 28, 2023