Cross-Site Scripting Flaw in PHPGurukul Online Fire Reporting System
CVE-2023-36941

6.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Online Fire Reporting System
Vendor: CVE Published:; 27 July 2023

What is CVE-2023-36941?

A cross-site scripting (XSS) vulnerability exists in the PHPGurukul Online Fire Reporting System Using PHP and MySQL version 1.2. This flaw allows attackers to inject malicious web scripts or HTML through specially crafted payloads entered in the team name, leader, and member fields. If exploited, it can lead to unauthorized script execution in the browser context of users interacting with the application, potentially compromising sensitive information or enabling further exploits.

References

https://packetstormsecurity.com

https://medium.com/%40ridheshgohil1092/cve-2023-36941-xss...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jun 28, 2023

PHPgurukul

What is CVE-2023-36941?

References

CVSS V3.1

Timeline