Cross Site Scripting Vulnerability in phpgurukul Teacher Subject Allocation Management System
CVE-2023-46026

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Teacher Subject Allocation Management System
Vendor: CVE Published:; 14 November 2023

Summary

The phpgurukul Teacher Subject Allocation Management System version 1.0 is susceptible to a Cross Site Scripting vulnerability due to improper validation of user input in profile.php. Attackers can exploit this flaw by injecting malicious scripts through the 'adminname' and 'email' parameters. This could lead to unauthorized access or manipulation of sensitive data, highlighting the critical need for users to apply security patches and validate input effectively.

References

https://github.com/ersinerenler/phpgurukul-Teacher-Subjec...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 16, 2023