Cross-Site Scripting Vulnerability in PHPGurukul Online Fire Reporting System
CVE-2023-36942

6.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Online Fire Reporting System
Vendor: CVE Published:; 27 July 2023

Summary

The Online Fire Reporting System developed by PHPGurukul is susceptible to a Cross-Site Scripting (XSS) vulnerability. An attacker can exploit this vulnerability by injecting malicious scripts into the website title field. When this data is processed and displayed, it can lead to the execution of arbitrary web scripts or HTML in the context of the user's browser session. This poses significant security risks, including data theft, session hijacking, and other malicious activities that can compromise user safety and system integrity.

References

https://packetstormsecurity.com

https://medium.com/%40ridheshgohil1092/cve-2023-36942-xss...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
Jun 28, 2023