Stored Cross-Site Scripting Vulnerability in Zoo Management System by Unknown Vendor
CVE-2023-41614

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Zoo Management System
Vendor: CVE Published:; 21 September 2023

Summary

A vulnerability exists in the Add Animal Details function of the Zoo Management System version 1.0, enabling attackers to inject arbitrary web scripts or HTML into the Description of Animal parameter. This stored XSS flaw allows malicious users to execute scripts when an unsuspecting administrator or user accesses the affected areas, potentially compromising sensitive data and leading to further attacks.

References

https://medium.com/%40guravtushar231/stored-xss-in-admin-...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 21, 2023
Vulnerability Reserved
Aug 30, 2023