Cross-Site Scripting (XSS) vulnerability in /jobportal/index.php could allow an attacker to retrieve session details of authenticated users
CVE-2024-8472
6.1 MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the Job Portal Software, which fails to properly encode user-controlled input. Without that encoding, attackers can inject malicious scripts into the application's pages and potentially retrieve sensitive session details of authenticated users. The vulnerability can be exploited through multiple parameters in the /jobportal/index.php file, so users and administrators should address this flaw immediately to protect user data.
Affected Version(s)
Job Portal 1.0
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafael Pedrero