Cross Site Scripting Vulnerability in PHPGurukul Online Fire Reporting System
CVE-2023-36940

4.8MEDIUM

Key Information:

Vendor

PHPgurukul
Status
Online Fire Reporting System
Vendor
CVE Published:
10 July 2023

What is CVE-2023-36940?

A Cross Site Scripting (XSS) vulnerability exists in the PHPGurukul Online Fire Reporting System, version 1.2. This security flaw allows malicious actors to inject arbitrary code into the application via a maliciously crafted payload entered into the search field. If successfully exploited, this vulnerability could lead to unauthorized actions being executed within the browser context of users, posing significant risks to data integrity and confidentiality. Organizations utilizing this system are urged to implement security measures to mitigate potential exploitation.

References

https://packetstormsecurity.com
https://medium.com/%40ridheshgohil1092/cve-2023-36940-xss...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.